On Fri, Dec 4, 2015 at 12:10 AM, Peter Steele <pwste...@gmail.com> wrote:
> I've used the downloaded template's config file to create a custom config > for our containers. > Also, are you SURE this is based on download template's config? > The container specific portion of the config looks something like this: > > > > lxc.autodev = 1 > That is not common.conf (though I'm not sure whether it matters) > > lxc.kmsg = 0 > Neither is that. Though it should be the default value > > > # Remove capabilities we don't want in containers > lxc.cap.drop = mac_admin mac_override sys_time sys_module > > centos.common.conf also has lxc.cap.drop = sys_nice sys_pacct sys_rawio. You don't have that. lxc.cgroup.devices.allow = c 5:0 rwm > > lxc.cgroup.devices.allow = c 136:* rwm > ## /dev/ptmx pty master > lxc.cgroup.devices.allow = c 5:2 rwm > > you' re missing 5:1 (console), 10:229 (fuse). Both are in common.conf. > # Setup the default mounts > lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed > lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none > bind,optional 0 0 > > As you can see this was largely pulled from centos.common.conf and > common.conf. I assume something isn't quite right since I see more > entries under /dev than I do when I'm running under libvirt, using the same > custom tarball. I'll be satisfied with this for now though as long as the > extra entries aren't causing issues. > > > Is there a reason why you didn't test simply using the same config, which also does the "includes" instead of copying SOME of them? Is there a reason wht you don't copy ALL of them? It should be easier to start with a known good setup, then do incremental changes. -- Fajar
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
