Merge pull request #481 from zorun/master
[feed/packages.git] / utils / lxc / patches / 301-add-openwrt-common-config.patch
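--- /dev/null
+++ b/config/templates/openwrt.common.conf.in
@@ -0,0 +1,56 @@
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+
+# Default console settings
+lxc.devttydir = lxc
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = mac_admin
+lxc.cap.drop = mac_override
+lxc.cap.drop = sys_admin
+lxc.cap.drop = sys_module
+lxc.cap.drop = sys_nice
+lxc.cap.drop = sys_pacct
+lxc.cap.drop = sys_ptrace
+lxc.cap.drop = sys_rawio
+lxc.cap.drop = sys_resource
+lxc.cap.drop = sys_time
+lxc.cap.drop = sys_tty_config
+lxc.cap.drop = syslog
+lxc.cap.drop = wake_alarm
+
+# Default cgroups - all denied except those whitelisted
+lxc.cgroup.devices.deny = a
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## dev/tty0
+lxc.cgroup.devices.allow = c 4:0 rwm
+## dev/tty1
+lxc.cgroup.devices.allow = c 4:1 rwm
+
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
+
+# Blacklist some syscalls which are not safe in privileged
+# containers
+lxc.seccomp = /usr/share/lxc/config/common.seccomp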
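Review bot: The sysfs mount entry at the top of the new template uses `defaults`, so /sys is mounted read-write, while the closing comment indicates that privileged containers are in scope; there container root is host root, and a writable /sys exposes host kernel and device attributes to the guest. Dropping `sys_admin` stops the guest from remounting, but it does not make the existing mount read-only. I would mount it read-only by default, `lxc.mount.entry = sysfs sys sysfs ro 0 0`, and let a container that needs to write under /sys opt in from its own config, the way the loop-device line is already handled. Separately, the `## rtc` entry allows `c 254:0`, and major 254 appears to fall in the dynamically assigned range, so it is worth confirming that this number is the RTC on the target kernels and not another driver's device.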
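--- a/configure.ac
+++ b/configure.ac
@@ -579,6 +579,7 @@ AC_CONFIG_FILES([
 config/templates/ubuntu.common.conf
 config/templates/ubuntu.lucid.conf
 config/templates/ubuntu.userns.conf
+ config/templates/openwrt.common.conf
 config/yum/Makefile
 
 doc/Makefile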
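--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -22,4 +22,5 @@ templatesconfig_DATA = \
 ubuntu-cloud.userns.conf \
 ubuntu.common.conf \
 ubuntu.lucid.conf \
- ubuntu.userns.conf
+ ubuntu.userns.conf \
+ openwrt.common.conf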