From: Stéphane Graber <stgraber@ubuntu.com>
Date: Mon, 13 Jan 2014 22:06:01 +0000 (-0500)
Subject: Add minimal userns config for plamo
X-Git-Tag: lxc-1.0.0.beta2~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb13115193f408eb4de08ea9b6c73c1fe22a0263;p=thirdparty%2Flxc.git

Add minimal userns config for plamo

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
index e864e1a22..dd0dfa4bc 100644
--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -2,6 +2,7 @@ templatesconfigdir=@LXCTEMPLATECONFIG@
 
 templatesconfig_DATA = \
 	plamo.common.conf \
+	plamo.userns.conf \
 	ubuntu-cloud.common.conf \
 	ubuntu-cloud.lucid.conf \
 	ubuntu-cloud.userns.conf \
diff --git a/config/templates/plamo.userns.conf.in b/config/templates/plamo.userns.conf.in
new file mode 100644
index 000000000..330a2f0f1
--- /dev/null
+++ b/config/templates/plamo.userns.conf.in
@@ -0,0 +1,9 @@
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
diff --git a/configure.ac b/configure.ac
index e1536931d..851426737 100644
--- a/configure.ac
+++ b/configure.ac
@@ -533,6 +533,7 @@ AC_CONFIG_FILES([
 	config/etc/Makefile
 	config/templates/Makefile
 	config/templates/plamo.common.conf
+	config/templates/plamo.userns.conf
 	config/templates/ubuntu-cloud.common.conf
 	config/templates/ubuntu-cloud.lucid.conf
 	config/templates/ubuntu-cloud.userns.conf