From f141443564eda1fb6fab188cf7df9c9f1465afee Mon Sep 17 00:00:00 2001
From: Laurent Vallar <val@zbla.net>
Date: Fri, 3 May 2013 14:33:50 +0200
Subject: [PATCH] Copy default lxc.cgroup.devices.allow from ubuntu template

---
 boxes/debian/lxc-template | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/boxes/debian/lxc-template b/boxes/debian/lxc-template
index d4eb8d9..3b0f8fc 100755
--- a/boxes/debian/lxc-template
+++ b/boxes/debian/lxc-template
@@ -151,7 +151,6 @@ copy_configuration()
     path=$1
     rootfs=$2
     name=$3
-    arch=$4
 
     grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
     cat <<EOF >> $path/config
@@ -163,6 +162,9 @@ lxc.utsname = ${name}
 #lxc.aa_profile = unconfined
 
 lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm
@@ -178,6 +180,16 @@ lxc.cgroup.devices.allow = c 136:* rwm
 lxc.cgroup.devices.allow = c 5:2 rwm
 # rtc
 lxc.cgroup.devices.allow = c 254:0 rwm
+#fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+#tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+#full
+lxc.cgroup.devices.allow = c 1:7 rwm
+#hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+#kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
 
 # mounts point
 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0