Diffstat (limited to 'manifests/lxc/unprivileged.pp')
-rw-r--r-- | manifests/lxc/unprivileged.pp | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/manifests/lxc/unprivileged.pp b/manifests/lxc/unprivileged.pp
new file mode 100644
index 0000000..6f187a5
--- /dev/null
+++ b/manifests/lxc/unprivileged.pp
@@ -0,0 +1,27 @@
+class virtual::lxc::unprivileged {
+ include virtual::lxc::base
+
+ package { [
+ 'libvirt0',
+ 'libpam-cgroup',
+ 'libpam-cgfs',
+ ]:
+ ensure => present,
+ }
+
+ file { "/etc/sysctl.d/80-lxc-userns.conf":
+ owner => "root",
+ group => "root",
+ mode => '0644',
+ ensure => present,
+ content => "kernel.unprivileged_userns_clone=1\n",
+ }
+
+ exec { "sysctl --system":
+ user => root,
+ subscribe => File["/etc/sysctl.d/80-lxc-userns.conf"],
+ refreshonly => true,
+ }
+
+ # TODO: echo "$USER veth lxcbr0 1000"| sudo tee -i /etc/lxc/lxc-usernet
+} |
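Review bot: The `exec { "sysctl --system": }` resource runs as root with an unqualified command and no `path`, which Puppet rejects unless a default `Exec` path is set elsewhere in the module (not visible in this diff), and which otherwise leaves the binary lookup to an inherited search path. Adding `path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],` addresses both, and using `sysctl -p /etc/sysctl.d/80-lxc-userns.conf` as the command would limit the reload to the file this class manages instead of re-applying every sysctl drop-in on the host. Separately, `kernel.unprivileged_userns_clone=1` enables unprivileged user namespaces for every local account, not only the one that will run containers, so the trade-off deserves a comment above the `file` resource, for example `# Host-wide: any local user may create user namespaces (larger kernel attack surface); needed for unprivileged LXC.`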