The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7915

This e-mail was sent by the LXC bot; direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
From 602317cfa68ffc3c9ad0dd8153632c7b9c5e56bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com> Date: Tue, 22 Sep 2020 09:33:22 -0400 Subject: [PATCH] doc/projects: Sort config keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber <stgra...@ubuntu.com> --- doc/projects.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/projects.md b/doc/projects.md index 5d12928046..e8c1142e8d 100644 --- a/doc/projects.md +++ b/doc/projects.md 
@@ -18,29 +18,29 @@ currently supported: Key | Type | Condition | Default | Description :-- | :-- | :-- | :-- | :-- features.images | boolean | - | true | Separate set of images and image aliases for the project +features.networks | boolean | - | true | Separate set of networks for the project features.profiles | boolean | - | true | Separate set of profiles for the project features.storage.volumes | boolean | - | true | Separate set of storage volumes for the project -features.networks | boolean | - | true | Separate set of networks for the project limits.containers | integer | - | - | Maximum number of containers that can be created in the project -limits.virtual-machines | integer | - | - | Maximum number of VMs that can be created in the project limits.cpu | integer | - | - | Maximum value for the sum of individual "limits.cpu" configs set on the instances of the project limits.disk | string | - | - | Maximum value of aggregate disk space used by all instances volumes, custom volumes and images of the project limits.memory | string | - | - | Maximum value for the sum of individual "limits.memory" configs set on the instances of the project -limits.processes | integer | - | - | Maximum value for the sum of individual "limits.processes" configs set on the instances of the project limits.networks | integer | - | - | Maximum value for the number of networks this project can have +limits.processes | integer | - | - | Maximum value for the sum of individual "limits.processes" configs set on the instances of the project +limits.virtual-machines | integer | - | - | Maximum number of VMs that can be created in the project restricted | boolean | - | true | Block access to security-sensitive features +restricted.containers.lowlevel | string | - | block | Prevents use of low-level container options like raw.lxc, raw.idmap, volatile, etc. restricted.containers.nesting | string | - | block | Prevents setting security.nesting=true. 
restricted.containers.privilege | string | - | unpriviliged | If "unpriviliged", prevents setting security.privileged=true. If "isolated", prevents setting security.privileged=true and also security.idmap.isolated=true. If "allow", no restriction apply. -restricted.containers.lowlevel | string | - | block | Prevents use of low-level container options like raw.lxc, raw.idmap, volatile, etc. -restricted.virtual-machines.lowlevel | string | - | block | Prevents use of low-level virtual-machine options like raw.qemu, volatile, etc. restricted.devices.disk | string | - | managed | If "block" prevent use of disk devices except the root one. If "managed" allow use of disk devices only if "pool=" is set. If "allow", no restrictions apply. restricted.devices.gpu | string | - | block | Prevents use of devices of type "gpu" -restricted.devices.usb | string | - | block | Prevents use of devices of type "usb" -restricted.devices.nic | string | - | managed | If "block" prevent use of all network devices. If "managed" allow use of network devices only if "network=" is set. If "allow", no restrictions apply. restricted.devices.infiniband | string | - | block | Prevents use of devices of type "infiniband" -restricted.devices.unix-char | string | - | block | Prevents use of devices of type "unix-char" +restricted.devices.nic | string | - | managed | If "block" prevent use of all network devices. If "managed" allow use of network devices only if "network=" is set. If "allow", no restrictions apply. 
restricted.devices.unix-block | string | - | block | Prevents use of devices of type "unix-block" +restricted.devices.unix-char | string | - | block | Prevents use of devices of type "unix-char" restricted.devices.unix-hotplug | string | - | block | Prevents use of devices of type "unix-hotplug" +restricted.devices.usb | string | - | block | Prevents use of devices of type "usb" +restricted.virtual-machines.lowlevel | string | - | block | Prevents use of low-level virtual-machine options like raw.qemu, volatile, etc. Those keys can be set using the lxc tool with:
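Review bot: The unchanged context row for restricted.containers.privilege spells its value "unpriviliged" in both the Default column and the description. Since this commit already reworks the table, check that spelling against the value the project config validation accepts and correct the row if it differs, because an operator copying the value from this security-relevant row will set exactly that string. The same row reads "no restriction apply" where the restricted.devices.disk and restricted.devices.nic rows read "no restrictions apply". The reordering itself looks right: rows are alphabetical within the features.*, limits.* and restricted.* groups, and each of the eight added rows matches a removed row word for word, so no key is dropped or duplicated.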
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel