2 lxc.utsname = ldap.local
4 # Use this root filesystem
5 lxc.rootfs = /containers/ldap
8 lxc.console = /var/log/lxc/ldap.lxc
10 # The container gets a single virtual eth0 interface with a statically assigned
11 # address (assigned by lxc-start, no need for the container to assign any
13 lxc.network.type = veth
14 lxc.network.flags = up
15 lxc.network.veth.pair = lxc-ldap
16 lxc.network.name = eth0
17 lxc.network.link = br-lxc
18 lxc.network.ipv4 = 10.42.0.11/24
19 lxc.network.ipv4.gateway = auto
21 # The number of ttys available (shouldn't be less than the getty's
22 # configured in the inittab).
25 # Use private pts for the container
28 # Deny all devices, except the following
29 lxc.cgroup.devices.deny = a
31 lxc.cgroup.devices.allow = c 1:3 rwm
33 lxc.cgroup.devices.allow = c 1:5 rwm
35 lxc.cgroup.devices.allow = c 5:1 rwm
37 lxc.cgroup.devices.allow = c 5:0 rwm
39 lxc.cgroup.devices.allow = c 4:0 rwm
41 lxc.cgroup.devices.allow = c 4:1 rwm
43 lxc.cgroup.devices.allow = c 1:9 rwm
44 lxc.cgroup.devices.allow = c 1:8 rwm
45 # /dev/pts/0 - /dev/pts/255
46 lxc.cgroup.devices.allow = c 136:* rwm
48 lxc.cgroup.devices.allow = c 5:2 rwm
50 lxc.cgroup.devices.allow = c 254:0 rwm
52 # mounts (note that the second item in each list is the mount point, relative
54 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
55 lxc.mount.entry=sysfs sys sysfs defaults 0 0
56 lxc.mount.entry=/data/db/ldap data/db/ldap none defaults,bind 0 0
58 # Disallow module (un)loading
59 lxc.cap.drop = sys_module
60 # Disallow doing raw io
61 lxc.cap.drop = sys_rawio
62 # Disallow changing the clock
63 lxc.cap.drop = sys_time
64 # Disallow changing network settings
65 lxc.cap.drop = net_admin
66 # Disallow changing auditing settings
67 lxc.cap.drop = audit_control
68 # Disallow various admin tasks (probably has side-effects)
69 lxc.cap.drop = sys_admin
70 # sys_boot is always dropped by lxc-start
projects / matthijs / servers / tika.git / blob