xxxxxxxxxx
# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
lxc.cgroup.devices.deny =
lxc.cgroup.devices.allow =
# Start with a full set of capabilities in user namespaces.
lxc.cap.drop =
lxc.cap.keep =
# We can't move bind-mounts, so don't use /dev/lxc/
lxc.tty.dir =
# Setup the default mounts
lxc.mount.auto = sys:rw