Ubuntu template: some tweaks

Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin from lxc.cap.drop as apparmor has/will have support for namespaces Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
author: Stéphane Graber <stgraber@ubuntu.com> 2011-11-10 09:45:52 +0100
committer: dlezcano <dlezcano@mai.(none)> 2011-11-10 09:45:52 +0100
commit: 5ddd950537c4f37814ac64a823ec1ab352c07b24 (patch)
tree: ae1db59cadd4299eb0563d309747c68f98123da4 /templates
parent: lxc: use -iquote instead of -I (diff)
download: lxc-5ddd950537c4f37814ac64a823ec1ab352c07b24.tar.gz
lxc-5ddd950537c4f37814ac64a823ec1ab352c07b24.tar.bz2
lxc-5ddd950537c4f37814ac64a823ec1ab352c07b24.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 4f44b03..2be8680 100644
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -179,9 +179,12 @@ lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
 lxc.arch = $arch
-lxc.cap.drop = sys_module mac_override mac_admin
+lxc.cap.drop = sys_module
 
 lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm
author	Stéphane Graber <stgraber@ubuntu.com>	2011-11-10 09:45:52 +0100
committer	dlezcano <dlezcano@mai.(none)>	2011-11-10 09:45:52 +0100
commit	5ddd950537c4f37814ac64a823ec1ab352c07b24 (patch)
tree	ae1db59cadd4299eb0563d309747c68f98123da4 /templates
parent	lxc: use -iquote instead of -I (diff)
download	lxc-5ddd950537c4f37814ac64a823ec1ab352c07b24.tar.gz lxc-5ddd950537c4f37814ac64a823ec1ab352c07b24.tar.bz2 lxc-5ddd950537c4f37814ac64a823ec1ab352c07b24.zip