dash17291/gist:4598721

## gistfile1.txt

# Template used to create this container: debian
# Checksum of the template script (SHA-1): b7ad0dbfed857c24568c74ebeabd093a498ad251

# /var/lib/lxc/template/config

## Container
lxc.utsname                             = template
lxc.rootfs                              = /var/lib/lxc/template/rootfs
lxc.arch                                = x86_64
lxc.console                            = /var/log/lxc/template.console
lxc.tty                                 = 2
lxc.pts                                 = 1024

## Capabilities
lxc.cap.drop                            = mac_admin
lxc.cap.drop                            = mac_override
lxc.cap.drop                            = sys_admin
lxc.cap.drop                            = sys_module
## Devices
# Allow all devices
#lxc.cgroup.devices.allow               = a
# Deny all devices
lxc.cgroup.devices.deny                 = a
# Allow to mknod all devices (but not using them)
lxc.cgroup.devices.allow                = c *:* m
lxc.cgroup.devices.allow                = b *:* m

# /dev/console
lxc.cgroup.devices.allow                = c 5:1 rwm
# /dev/fuse
lxc.cgroup.devices.allow                = c 10:229 rwm
# /dev/null
lxc.cgroup.devices.allow                = c 1:3 rwm
# /dev/ptmx
lxc.cgroup.devices.allow                = c 5:2 rwm
# /dev/pts/*
lxc.cgroup.devices.allow                = c 136:* rwm
# /dev/random
lxc.cgroup.devices.allow                = c 1:8 rwm
# /dev/rtc
lxc.cgroup.devices.allow                = c 254:0 rwm
# /dev/tty
lxc.cgroup.devices.allow                = c 5:0 rwm
# /dev/urandom
lxc.cgroup.devices.allow                = c 1:9 rwm
# /dev/zero
lxc.cgroup.devices.allow                = c 1:5 rwm

## Limits
#lxc.cgroup.cpu.shares                  = 1024
#lxc.cgroup.cpuset.cpus                 = 0
#lxc.cgroup.memory.limit_in_bytes       = 256M
#lxc.cgroup.memory.memsw.limit_in_bytes = 1G

## Filesystem
lxc.mount.entry                         = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry                         = sysfs sys sysfs defaults,ro 0 0
# Bind mounting host's resolv.conf to the container.
lxc.mount.entry                         = /etc/resolv.conf /vz/lxc/template/rootfs/etc/resolv.conf none bind 0 0

## Network
lxc.network.type                        = veth
lxc.network.flags                       = up
lxc.network.hwaddr                      = 00:FF:57:A3:01:10
lxc.network.link                        = br0
lxc.network.name                        = eth0

## Network
lxc.network.type                        = veth
lxc.network.flags                       = up
lxc.network.hwaddr                      = 00:FF:57:A3:01:11
lxc.network.link                        = br1
lxc.network.name                        = eth1

## Capabilities (continued)
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:3 rwm

	# Template used to create this container: debian
	# Checksum of the template script (SHA-1): b7ad0dbfed857c24568c74ebeabd093a498ad251

	# /var/lib/lxc/template/config

	## Container
	lxc.utsname = template
	lxc.rootfs = /var/lib/lxc/template/rootfs
	lxc.arch = x86_64
	lxc.console = /var/log/lxc/template.console
	lxc.tty = 2
	lxc.pts = 1024

	## Capabilities
	lxc.cap.drop = mac_admin
	lxc.cap.drop = mac_override
	lxc.cap.drop = sys_admin
	lxc.cap.drop = sys_module
	## Devices
	# Allow all devices
	#lxc.cgroup.devices.allow = a
	# Deny all devices
	lxc.cgroup.devices.deny = a
	# Allow to mknod all devices (but not using them)
	lxc.cgroup.devices.allow = c : m
	lxc.cgroup.devices.allow = b : m

	# /dev/console
	lxc.cgroup.devices.allow = c 5:1 rwm
	# /dev/fuse
	lxc.cgroup.devices.allow = c 10:229 rwm
	# /dev/null
	lxc.cgroup.devices.allow = c 1:3 rwm
	# /dev/ptmx
	lxc.cgroup.devices.allow = c 5:2 rwm
	# /dev/pts/*
	lxc.cgroup.devices.allow = c 136:* rwm
	# /dev/random
	lxc.cgroup.devices.allow = c 1:8 rwm
	# /dev/rtc
	lxc.cgroup.devices.allow = c 254:0 rwm
	# /dev/tty
	lxc.cgroup.devices.allow = c 5:0 rwm
	# /dev/urandom
	lxc.cgroup.devices.allow = c 1:9 rwm
	# /dev/zero
	lxc.cgroup.devices.allow = c 1:5 rwm

	## Limits
	#lxc.cgroup.cpu.shares = 1024
	#lxc.cgroup.cpuset.cpus = 0
	#lxc.cgroup.memory.limit_in_bytes = 256M
	#lxc.cgroup.memory.memsw.limit_in_bytes = 1G

	## Filesystem
	lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
	lxc.mount.entry = sysfs sys sysfs defaults,ro 0 0
	# Bind mounting host's resolv.conf to the container.
	lxc.mount.entry = /etc/resolv.conf /vz/lxc/template/rootfs/etc/resolv.conf none bind 0 0

	## Network
	lxc.network.type = veth
	lxc.network.flags = up
	lxc.network.hwaddr = 00:FF:57:A3:01:10
	lxc.network.link = br0
	lxc.network.name = eth0

	## Network
	lxc.network.type = veth
	lxc.network.flags = up
	lxc.network.hwaddr = 00:FF:57:A3:01:11
	lxc.network.link = br1
	lxc.network.name = eth1

	## Capabilities (continued)
	lxc.cgroup.devices.allow = c 4:0 rwm
	lxc.cgroup.devices.allow = c 4:3 rwm