blob: 5abbf22e6bfbe064d492e424f154927eedfede2b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From 6bd3f98c469f311f6afbffbb3586efddae3c4eb4 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 22 Oct 2013 13:23:31 +0200
Subject: [PATCH] lxc-alpine: allow /dev/full
The template creates /dev/full for the container but needs also give
permission to access it.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
templates/lxc-alpine.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 5fdf36f..8600a34 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -197,9 +197,10 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
# devices
lxc.cgroup.devices.deny = a
-# /dev/null and zero
+# /dev/null, zero and full
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
+lxc.cgroup.devices.allow = c 1:7 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
--
1.8.4.1
|