author | Petar Koretic <petar.koretic@sartura.hr> | 2014-10-22 11:00:58 +0200 |
---|---|---|
committer | Luka Perkov <luka.perkov@sartura.hr> | 2014-10-23 09:30:33 -0400 |
commit | 733ce2c29ff8da9051f6e0daa85745c7dc422fbb (patch) | |
tree | 18734ad9b99e079f3eca6e99538f34074de6db80 /utils | |
parent | ad224e53555b5438eb8c5430e0f8b0c17cd72aaa (diff) |
lxc: patches: add openwrt common config
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Diffstat (limited to 'utils')
-rw-r--r-- | utils/lxc/patches/202-add-openwrt-common-config.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/utils/lxc/patches/202-add-openwrt-common-config.patch b/utils/lxc/patches/202-add-openwrt-common-config.patch
new file mode 100644
index 000000000..6736d9bac
--- /dev/null
+++ b/utils/lxc/patches/202-add-openwrt-common-config.patch
@@ -0,0 +1,78 @@
+--- /dev/null
++++ b/config/templates/openwrt.common.conf.in
+@@ -0,0 +1,56 @@
++# Default mount entries
++lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
++lxc.mount.entry = sysfs sys sysfs defaults 0 0
++
++# Default console settings
++lxc.devttydir = lxc
++lxc.tty = 4
++lxc.pts = 1024
++
++# Default capabilities
++lxc.cap.drop = mac_admin
++lxc.cap.drop = mac_override
++lxc.cap.drop = sys_admin
++lxc.cap.drop = sys_module
++lxc.cap.drop = sys_nice
++lxc.cap.drop = sys_pacct
++lxc.cap.drop = sys_ptrace
++lxc.cap.drop = sys_rawio
++lxc.cap.drop = sys_resource
++lxc.cap.drop = sys_time
++lxc.cap.drop = sys_tty_config
++lxc.cap.drop = syslog
++lxc.cap.drop = wake_alarm
++
++# Default cgroups - all denied except those whitelisted
++lxc.cgroup.devices.deny = a
++## /dev/null and zero
++lxc.cgroup.devices.allow = c 1:3 rwm
++lxc.cgroup.devices.allow = c 1:5 rwm
++## consoles
++lxc.cgroup.devices.allow = c 5:0 rwm
++lxc.cgroup.devices.allow = c 5:1 rwm
++## /dev/{,u}random
++lxc.cgroup.devices.allow = c 1:8 rwm
++lxc.cgroup.devices.allow = c 1:9 rwm
++## /dev/pts/*
++lxc.cgroup.devices.allow = c 5:2 rwm
++lxc.cgroup.devices.allow = c 136:* rwm
++## rtc
++lxc.cgroup.devices.allow = c 254:0 rm
++## fuse
++lxc.cgroup.devices.allow = c 10:229 rwm
++## tun
++lxc.cgroup.devices.allow = c 10:200 rwm
++## dev/tty0
++lxc.cgroup.devices.allow = c 4:0 rwm
++## dev/tty1
++lxc.cgroup.devices.allow = c 4:1 rwm
++
++## To use loop devices, copy the following line to the container's
++## configuration file (uncommented).
++#lxc.cgroup.devices.allow = b 7:* rwm
++
++# Blacklist some syscalls which are not safe in privileged
++# containers
++lxc.seccomp = /usr/share/lxc/config/common.seccomp
+--- a/configure.ac
++++ b/configure.ac
+@@ -579,6 +579,7 @@ AC_CONFIG_FILES([
+ config/templates/ubuntu.common.conf
+ config/templates/ubuntu.lucid.conf
+ config/templates/ubuntu.userns.conf
++ config/templates/openwrt.common.conf
+ config/yum/Makefile
+
+ doc/Makefile
+--- a/config/templates/Makefile.am
++++ b/config/templates/Makefile.am
+@@ -22,4 +22,5 @@ templatesconfig_DATA = \
+ ubuntu-cloud.userns.conf \
+ ubuntu.common.conf \
+ ubuntu.lucid.conf \
+- ubuntu.userns.conf
++ ubuntu.userns.conf \
++ openwrt.common.conf |
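Review bot: The `lxc.mount.entry = sysfs sys sysfs defaults 0 0` line in the new openwrt.common.conf.in mounts sysfs read-write with no restricting options, unlike the proc entry above it, and the closing comment says the config targets privileged containers, where container root is host root and the `lxc.cap.drop` list alone does not prevent writes to host-wide attributes under /sys. Consider `lxc.mount.entry = sysfs sys sysfs ro,nodev,noexec,nosuid 0 0`, or `lxc.mount.auto = proc:mixed sys:ro` in place of both mount entries; whether an OpenWrt guest boots cleanly with a read-only /sys cannot be verified from this patch. Separately, `lxc.seccomp` is hard-coded to /usr/share/lxc/config/common.seccomp even though the file is a configure-processed `.in` template. A substituted path would keep the profile reference correct under a different install prefix; upstream templates appear to use `@LXCTEMPLATECONFIG@/common.seccomp`, which should be confirmed against the lxc version being patched. It is also worth confirming that the OpenWrt lxc package is built with seccomp support and ships that profile, since the syscall filter is the main remaining control for a privileged container here.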