On Mon, Dec 09, 2013 at 02:19:05PM -0600, Serge Hallyn wrote:
> Signed-off-by: Serge Hallyn <[email protected]>
Hmm, doesn't that duplicate the section on nesting? > --- > config/templates/ubuntu.common.conf.in | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/config/templates/ubuntu.common.conf.in > b/config/templates/ubuntu.common.conf.in > index ef4e818..4aeea7d 100644 > --- a/config/templates/ubuntu.common.conf.in > +++ b/config/templates/ubuntu.common.conf.in > @@ -21,6 +21,10 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time > # If you wish for it to instead run unconfined, copy the following line > # (uncommented) to the container's configuration file. > #lxc.aa_profile = unconfined > +# If you wish to only allow starting nested containers, then use the > following: > +#lxc.aa_profile = lxc-container-default-with-nesting > +# If you wish to allow mounting block filesystems, then use the following: > +#lxc.aa_profile = lxc-container-default-with-mounting > > # To support container nesting on an Ubuntu host while retaining most of > # apparmor's added security, use the following two lines instead. > @@ -56,3 +60,6 @@ lxc.cgroup.devices.allow = c 1:7 rwm > lxc.cgroup.devices.allow = c 10:228 rwm > ## kvm > lxc.cgroup.devices.allow = c 10:232 rwm > +## To use loop devices, copy the following line to the container's > +## configuration file (uncommented). > +#lxc.cgroup.devices.allow = b 7:* rwm > -- > 1.8.5.1 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
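Review bot: In the first hunk, the new "only allow starting nested containers" comment lands directly above the existing "To support container nesting on an Ubuntu host while retaining most of apparmor's added security" block, so the template would describe nesting in two adjacent places with two different recipes. Suggest folding the `#lxc.aa_profile = lxc-container-default-with-nesting` line into that existing block (or dropping it) and keeping only the `lxc-container-default-with-mounting` line at this spot. The mounting comment would also be clearer if it said what the profile permits beyond the default one, since a reader choosing between the three `lxc.aa_profile` lines has nothing else to go on.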
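Review bot: In the second hunk, `b 7:* rwm` whitelists every minor of block major 7 with read, write and mknod, and loop devices are not per-container, so a container that copies this line can open loop devices set up by the host or by other containers. The comment should state that trade-off next to the line. It should also say whether the line is meant to be used together with the `lxc-container-default-with-mounting` profile from the first hunk, since the two additions sit in separate parts of the file with no cross-reference.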
