From 6bd3f98c469f311f6afbffbb3586efddae3c4eb4 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 22 Oct 2013 13:23:31 +0200
Subject: [PATCH] lxc-alpine: allow /dev/full

The template creates /dev/full for the container but needs also give
permission to access it.

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
 templates/lxc-alpine.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 5fdf36f..8600a34 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -197,9 +197,10 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 
 # devices
 lxc.cgroup.devices.deny = a
-# /dev/null and zero
+# /dev/null, zero and full
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm
+lxc.cgroup.devices.allow = c 1:7 rwm
 # consoles
 lxc.cgroup.devices.allow = c 5:1 rwm
 lxc.cgroup.devices.allow = c 5:0 rwm
-- 
1.8.4.1