mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-12 15:52:55 +00:00
002b7704ff
This is identical to type='bridge', but without the "connect to a bridge" part, so it can be handled by using the same functions (and often even the same cases in switch statements), after renaming virLXCProcessSetupInterfaceBridged() to virLXCProcessInterfaceTap() and enhancing it to skip bridge-related items when brname == NULL. To be truly useful, we need to support setting the ip address on the host side veth as well as guest side veth (already supported for type='bridge'), as well as setting the peer address for both. The <script> element (supported by type='ethernet' in qemu) isn't supported in this patch. An error is logged at domain start time if it is encountered. This may be changed in a later patch.
45 lines
1.5 KiB
Plaintext
45 lines
1.5 KiB
Plaintext
# Template used to create this container: opensuse
|
|
# Template script checksum (SHA-1): 27307e0a95bd81b2c0bd82d6f87fdbe83be075ef
|
|
|
|
lxc.network.type = veth
|
|
lxc.network.flags = up
|
|
lxc.network.hwaddr = 02:00:15:8f:05:c1
|
|
lxc.network.name = eth0
|
|
lxc.network.ipv4 = 192.168.122.2/24
|
|
lxc.network.ipv4.gateway = 192.168.122.1
|
|
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596/64
|
|
lxc.network.ipv6.gateway = 2003:db8:1:0:214:1234:fe0b:3595
|
|
|
|
#remove next line if host DNS configuration should not be available to container
|
|
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
|
|
lxc.mount.entry = sysfs sys sysfs defaults 0 0
|
|
lxc.mount.entry = tmpfs run tmpfs size=8m,mode=0755,nodev,nosuid 0 0
|
|
lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0
|
|
lxc.rootfs = /var/lib/lxc/migrate_test/rootfs
|
|
lxc.utsname = migrate_test
|
|
lxc.arch = x86
|
|
lxc.autodev=1
|
|
lxc.tty = 2
|
|
lxc.pts = 1024
|
|
lxc.cap.drop = sys_module mac_admin mac_override mknod
|
|
|
|
# When using LXC with apparmor, uncomment the next line to run unconfined:
|
|
#lxc.aa_profile = unconfined
|
|
|
|
lxc.cgroup.devices.deny = a
|
|
# /dev/null and zero
|
|
lxc.cgroup.devices.allow = c 1:3 rwm
|
|
lxc.cgroup.devices.allow = c 1:5 rwm
|
|
# consoles
|
|
lxc.cgroup.devices.allow = c 5:1 rwm
|
|
lxc.cgroup.devices.allow = c 5:0 rwm
|
|
lxc.cgroup.devices.allow = c 4:0 rwm
|
|
lxc.cgroup.devices.allow = c 4:1 rwm
|
|
# /dev/{,u}random
|
|
lxc.cgroup.devices.allow = c 1:9 rwm
|
|
lxc.cgroup.devices.allow = c 1:8 rwm
|
|
lxc.cgroup.devices.allow = c 136:* rwm
|
|
lxc.cgroup.devices.allow = c 5:2 rwm
|
|
# rtc
|
|
lxc.cgroup.devices.allow = c 254:0 rwm
|