A seccomp profile for the entire container has been added.

[waydroid.git] / data / configs / config_1

diff --git a/data/configs/config_1 b/data/configs/config_1
index 02d82a70adf9cea8872d4fda6a1cc88b4f3afabd..33671c4c4a536c4b9525dbb3d24cdddd41ec24ab 100644 (file)
--- a/data/configs/config_1
+++ b/data/configs/config_1
@@ -1,11 +1,14 @@
 # Waydroid LXC Config
 
-lxc.rootfs.path = /home/.waydroid/rootfs
+lxc.rootfs.path = /var/lib/waydroid/rootfs
 lxc.utsname = waydroid
 lxc.arch = LXCARCH
 lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 lxc.aa_profile = unconfined
+lxc.seccomp = /var/lib/waydroid/lxc/waydroid/waydroid.seccomp
+
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
 
 lxc.init_cmd = /init
 
@@ -19,7 +22,8 @@ lxc.network.hwaddr = 00:16:3e:f9:d3:03
 lxc.network.mtu = 1500
 
 lxc.console.path = none
+lxc.pty.max = 10
 
-lxc.include = /home/.waydroid/lxc/waydroid/config_nodes
+lxc.include = /var/lib/waydroid/lxc/waydroid/config_nodes
 
 lxc.hook.post-stop = /dev/null