gemian-fixes/lxc-android
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lxc-android/var/lib/lxc/android/config

81 lines
2.3 KiB
Text
Raw Blame History

lxc.net.0.type = none
lxc.rootfs.path = dir:/var/lib/lxc/android/rootfs
#lxc.tty.dir = lxc
lxc.tty.dir =
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.arch = arm64
# Drop some harmful capabilities
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
# Blacklist some syscalls which are not safe in privileged containers
lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp
# Appears to be removed in latest lxc versions
#lxc.pivotdir = lxc_putold
lxc.hook.pre-start = /var/lib/lxc/android/pre-start.sh
#this might not be needed?
#lxc.init_cmd = /init
lxc.apparmor.profile = unconfined
lxc.autodev = 0
# CGroup whitelist
lxc.cgroup.devices.deny = a
## Allow any mknod (but not reading/writing the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## Allow specific devices
### /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
### /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
### /dev/full
lxc.cgroup.devices.allow = c 1:7 rwm
### /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
### /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
### /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
### /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
### /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
### /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
### fuse
lxc.cgroup.devices.allow = c 10:229 rwm
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
lxc.hook.mount = /usr/share/lxcfs/lxc.mount.hook
lxc.hook.post-stop = /usr/share/lxcfs/lxc.reboot.hook
#lxc.mount.entry = tmpfs dev tmpfs nosuid 0 0
#lxc.mount.entry = /dev/__properties__ dev/__properties__ bind bind,create=dir 0 0
#lxc.mount.entry = /dev/socket dev/socket bind bind,create=dir 0 0
#lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
#lxc.mount.entry = sys sys sysfs nodev,noexec,nosuid 0 0
##lxc.mount.entry = tmp tmp tmpfs nodev,noexec,nosuid 0 0
#lxc.mount.entry = /android/data data bind bind 0 0
#lxc.mount.entry = /vendor vendor bind rbind 0 0
#lxc.mount.entry = /mnt mnt bind rbind 0 0
Reference in a new issue View git blame Copy permalink