From b87b73d3582b0746909e383301deff3b771173a5 Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 31 May 2021 00:40:19 +0200
Subject: [PATCH] nixos-module/server/lxc-containers: update permissions
---
 nix/nixos-module/server/lxc-containers.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/nix/nixos-module/server/lxc-containers.nix b/nix/nixos-module/server/lxc-containers.nix
index 8ec67cd..fe62465 100644
--- a/nix/nixos-module/server/lxc-containers.nix
+++ b/nix/nixos-module/server/lxc-containers.nix
@@ -168,16 +168,18 @@ in
 lxc.autodev = 1
 lxc.tty.max = 0
+lxc.pty.max = 8
-lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod
-lxc.apparmor.profile = unchanged
+lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio
 security.privileged = false
+lxc.apparmor.profile = lxc-container-default-with-mounting
 lxc.cgroup.memory.limit_in_bytes = 1G
 lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
 # tuntap
 lxc.cgroup.devices.allow = c 10:200 rw
+lxc.cgroup2.devices.allow = c 10:200 rw
 ${netConfig ctName containers.${ctName}.physicalInterfaces}
 '';
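Review bot: The new `lxc.cap.drop` line quietly stops dropping `mknod`, so the container keeps CAP_MKNOD, yet the device-cgroup rules beside it (`lxc.cgroup.devices.allow = c 10:200 rw` and the added `lxc.cgroup2.devices.allow` twin) grant only `rw` without the `m` bit, so under a deny-all default the container still cannot mknod /dev/net/tun and the retained capability buys nothing but extra attack surface. If creating the tun node inside the container is the intent, both rules need `lxc.cgroup.devices.allow = c 10:200 rwm` and `lxc.cgroup2.devices.allow = c 10:200 rwm`; otherwise the tighter fix is to keep `mknod` in the drop list and bind the host node in with `lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0`, since `lxc.autodev = 1` does not populate /dev/net/tun. The switch to `lxc.apparmor.profile = lxc-container-default-with-mounting` is a real improvement over `unchanged`, but it only confines anything if that profile is actually loaded on the host, so the module should assert AppArmor is enabled and the LXC profiles installed rather than rely on it silently. The enclosing `lxc.conf` string and its `netConfig` interpolation begin before this hunk, so I could not confirm whether a deny-all rule (`lxc.cgroup2.devices.deny = a`) is set earlier or inherited from a common config.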