From 705bfae0d801ae08761f30a98eaa61c64e0f66b6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?St=C3=A9phane=20Graber?=
Date: Tue, 28 Jan 2014 09:56:37 +0000
Subject: [PATCH] gentoo: Add basic userns config
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber
---
 config/templates/Makefile.am | 1 +
 config/templates/gentoo.userns.conf.in | 16 ++++++++++++++++
 configure.ac | 1 +
 3 files changed, 18 insertions(+)
 create mode 100644 config/templates/gentoo.userns.conf.in

diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
index 52bab7d3c..47969a976 100644
--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -9,6 +9,7 @@ templatesconfig_DATA = \
 fedora.userns.conf \
 gentoo.common.conf \
 gentoo.moresecure.conf \
+ gentoo.userns.conf \
 oracle.common.conf \
 oracle.userns.conf \
 plamo.common.conf \
diff --git a/config/templates/gentoo.userns.conf.in b/config/templates/gentoo.userns.conf.in
new file mode 100644
index 000000000..f47ede33d
--- /dev/null
+++ b/config/templates/gentoo.userns.conf.in
@@ -0,0 +1,16 @@
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+
+# We can't move bind-mounts, so don't use /dev/lxc/
+lxc.devttydir =
+
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
+
+# Extra fstab entries as mountall can't mount those by itself
+lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
+lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
diff --git a/configure.ac b/configure.ac
index 1f730d96a..f6c95c1e6 100644
--- a/configure.ac
+++ b/configure.ac
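Review bot: In the new `gentoo.userns.conf.in`, the last two `lxc.mount.entry` lines bind the host's `/sys/firmware/efi/efivars` and `/proc/sys/fs/binfmt_misc` into the container without `ro`. Their comment justifies them by `mountall`, which is Ubuntu's boot-time mounter, so the rationale looks carried over from another template and should be confirmed for a Gentoo guest. If the mounts are kept, `bind,ro,optional` would stop write protection of host firmware variables and binfmt handlers from resting on the uid mapping alone. The first comment could also say what the empty values do, e.g. `# Clear any device cgroup rules set by an earlier config; cgroup.devices needs CAP_SYS_ADMIN in the initial user namespace`. As I read it, after this reset the devices cgroup no longer filters device access, which leaves only the four bind-mounted `/dev` nodes and their host permissions.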
@@ -570,6 +570,7 @@ AC_CONFIG_FILES([
 config/templates/fedora.userns.conf
 config/templates/gentoo.common.conf
 config/templates/gentoo.moresecure.conf
+ config/templates/gentoo.userns.conf
 config/templates/oracle.common.conf
 config/templates/oracle.userns.conf
 config/templates/plamo.common.conf
--
2.47.2