# LXC container configuration (legacy lxc.* key names) for the container
# stored under /data/ubuntu/containers/ufa.
#
# NOTE(review): the network type below is commented out and no other
# lxc.network.* key is set in this file. With no network configured, LXC is
# expected to leave the container in the host's network namespace; confirm
# that sharing the host network stack is intended.
#lxc.network.type=empty

# Root filesystem of the container.
lxc.rootfs = /data/ubuntu/containers/ufa/rootfs
# Hostname seen inside the container.
lxc.utsname = armhf
# Sub-directory of the container's /dev in which console/tty nodes are created.
lxc.devttydir = lxc
# Number of ttys made available to the container.
lxc.tty = 4
# Give the container its own devpts instance (value = maximum number of ptys).
lxc.pts = 1024
# fstab-format file listing the mounts to set up for the container.
lxc.mount  = /data/ubuntu/containers/ufa/fstab
# Architecture reported to processes in the container.
lxc.arch = armhf
# Capabilities removed from the container. Every capability not listed here is
# kept, so root in the container still holds the rest of the capability set
# (the list names only sys_module, mac_admin and mac_override). Isolation
# therefore rests mainly on the device cgroup rules and the AppArmor profile.
lxc.cap.drop = sys_module mac_admin mac_override
# Directory name used for the old root during pivot_root.
lxc.pivotdir = lxc_putold
# Hook run before the container starts. Pre-start hooks execute in the host's
# namespaces with the privileges of the LXC launcher, so this script and its
# parent directories should be writable only by root.
lxc.hook.pre-start = /data/ubuntu/containers/ufa/prestart.sh

# Uncomment the next line to run the container without AppArmor confinement.
# Doing so removes the mandatory-access-control layer; given the broad device
# access and the short lxc.cap.drop list in this file, leave it commented out
# unless confinement is known to break a required feature.
#lxc.aa_profile = unconfined

# Device cgroup rules. Rule format: <type> <major>:<minor> <access>, where
# type is c (char), b (block) or a (all) and access is any of r (read),
# w (write), m (mknod). The deny-all rule must stay first; the allow rules
# that follow re-open individual devices.
lxc.cgroup.devices.deny = a
# Allow creating (mknod) any char or block node, but not opening it: read and
# write access still has to be granted by one of the rules below.
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null (1:3) and /dev/zero (1:5)
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles: /dev/console (5:1) and /dev/tty (5:0); tty0/tty1 (4:0, 4:1) are
# left disabled
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
#lxc.cgroup.devices.allow = c 4:0 rwm
#lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/urandom (1:9) and /dev/random (1:8), followed by the pseudo-terminal
# devices: /dev/pts/* (136:*) and /dev/ptmx (5:2)
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
# NOTE(review): major 254 is in the dynamically assigned range; verify that
# 254:0 is the rtc on the target kernel and not some other driver.
lxc.cgroup.devices.allow = c 254:0 rwm
# fuse (10:229)
lxc.cgroup.devices.allow = c 10:229 rwm
# tun (10:200)
lxc.cgroup.devices.allow = c 10:200 rwm
# /dev/full (1:7)
lxc.cgroup.devices.allow = c 1:7 rwm
# hpet (10:228)
lxc.cgroup.devices.allow = c 10:228 rwm
# kvm (10:232)
lxc.cgroup.devices.allow = c 10:232 rwm
# input devices (major 13): the container can read all host input events and,
# with write access, send events to those devices
lxc.cgroup.devices.allow = c 13:* rwm
# /dev/graphics (framebuffer, major 29) r/w access
# NOTE(review): the access field is "rwma"; "a" is not one of the r/w/m
# access letters. Confirm whether it is a typo for "rwm".
lxc.cgroup.devices.allow = c 29:* rwma
# Allow every misc device (major 10); specifically binder and uinput are
# needed, in addition to those above.
# NOTE(review): this wildcard makes the individual 10:229, 10:200, 10:228 and
# 10:232 rules above redundant and also exposes every other misc-major device
# registered on the host. If the binder and uinput minors are known for the
# target kernel, listing them explicitly would keep the allow-list to what is
# actually needed.
lxc.cgroup.devices.allow = c 10:* rwm
# virtual console tty7 (4:7)
lxc.cgroup.devices.allow = c 4:7 rwm
