Signed-off-by: Serge Hallyn <[email protected]>
---
 config/templates/ubuntu.common.conf.in | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in
index ef4e818..4aeea7d 100644
--- a/config/templates/ubuntu.common.conf.in
+++ b/config/templates/ubuntu.common.conf.in
@@ -21,6 +21,10 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # If you wish for it to instead run unconfined, copy the following line
 # (uncommented) to the container's configuration file.
 #lxc.aa_profile = unconfined
+# If you wish to only allow starting nested containers, then use the following:
+#lxc.aa_profile = lxc-container-default-with-nesting
+# If you wish to allow mounting block filesystems, then use the following:
+#lxc.aa_profile = lxc-container-default-with-mounting
 
 # To support container nesting on an Ubuntu host while retaining most of
 # apparmor's added security, use the following two lines instead.
@@ -56,3 +60,6 @@ lxc.cgroup.devices.allow = c 1:7 rwm
 lxc.cgroup.devices.allow = c 10:228 rwm
 ## kvm
 lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
-- 
1.8.5.1
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
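Review bot: The added `lxc-container-default-with-mounting` option is documented only as a convenience, with no word on what it costs in confinement. Allowing a container to mount block filesystems means the host kernel parses filesystem images that the container controls, which is a wider attack surface than the default profile. I would add a line such as `# NOTE: this relaxes the default confinement; enable it only for containers whose root user you trust.` above that option. The new "only allow starting nested containers" comment also sits directly above the existing nesting paragraph, which names what looks like the same profile. That paragraph's two configuration lines are outside the hunk, so the comment should say how the single-line variant differs from them.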
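Review bot: The commented-out rule `b 7:* rwm` uses a wildcard minor and includes `m` (mknod), so a container that enables it gets read, write and create access to every loop device number. As far as I know loop devices are shared host-wide rather than per container, so that could include devices backing other containers' or the host's images. The comment should state this scope, for example `## NOTE: 7:* matches all loop devices on the host, not just this container's; enable for trusted containers only.` It would also help to mention that mounting from a loop device presumably requires the `lxc-container-default-with-mounting` profile from the earlier hunk, since the two options are documented far apart.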
