lxc-containers: limits n caps

Astro 2016-11-18 02:34:03 +01:00
parent 64635320a5
commit d4a8fac6cd
1 changed files with 9 additions and 2 deletions


@ -1,3 +1,6 @@
# For lxcfs and sane defaults
lxc.include = /usr/share/lxc/config/common.conf
lxc.utsname = {{ id }}
# Handled by lxc@.service
lxc.start.auto = 0
@ -33,8 +36,12 @@ lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
#lxc.network.ipv6.gateway=fe80::1
{%- endfor %}
## TODO: limits + caps
## TODO: include Debian.common.conf
lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time
lxc.cgroup.memory.limit_in_bytes = 512M
lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
# tuntap
lxc.cgroup.devices.allow = c 10:200 rw
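Review bot: `sys_time` is listed twice on the `lxc.cap.drop` line, which suggests a different capability was meant for the last slot; as written the line names five distinct capabilities, not six. Either drop the duplicate (`lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio`) or put in the capability that was intended, and add a one-line comment saying why these are removed. `lxc.cgroup.memory.limit_in_bytes = 512M` bounds RAM only; if swap accounting is enabled on the host, a matching `lxc.cgroup.memory.memsw.limit_in_bytes` would be needed to bound RAM plus swap. The `c 10:200 rw` allow for tun only narrows anything if the included common.conf sets a default device deny, which is not visible in this hunk and is worth confirming.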