X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=distrib%2Fsample.conf;fp=distrib%2Fsample.conf;h=7e1b7a697c0bf4b47b2c25bdd13b460980ffa659;hb=06e1018272502e1d15d6d8f32b80fa96420785b8;hp=0000000000000000000000000000000000000000;hpb=8a59994861a17eb92c11553d88631757ee8e63c3;p=util-vserver.git diff --git a/distrib/sample.conf b/distrib/sample.conf new file mode 100644 index 0000000..7e1b7a6 --- /dev/null +++ b/distrib/sample.conf @@ -0,0 +1,49 @@ +# Select an unused context (this is optional) +# The default is to allocate a free context on the fly +# In general you don't need to force a context +#S_CONTEXT= +# Select the IP number assigned to the virtual server +# This IP must be one IP of the server, either an interface +# or an IP alias +IPROOT=1.2.3.4 +# The netmask and broadcast are computed by default from IPROOTDEV +#IPROOTMASK= +#IPROOTBCAST= +# You can define on which device the IP alias will be done +# The IP alias will be set when the server is started and unset +# when the server is stopped +IPROOTDEV=eth0 +# Uncomment the onboot line if you want to enable this +# virtual server at boot time +#ONBOOT=yes +# You can set a different host name for the vserver +# If empty, the host name of the main server is used +S_HOSTNAME=somename.somedomain.com +# You can set a different NIS domain for the vserver +# If empty, the current on is kept +# Set it to "none" to have no NIS domain set +S_DOMAINNAME= +# You can set the priority level (nice) of all process in the vserver +# Even root won't be able to raise it +S_NICE= +# You can set various flags for the new security context +# lock: Prevent the vserver from setting new security context +# sched: Merge scheduler priority of all processes in the vserver +# so that it acts a like a single one. +# nproc: Limit the number of processes in the vserver according to ulimit +# (instead of a per user limit, this becomes a per vserver limit) +# private: No other process can join this security context. Even root +# Do not forget the quotes around the flags +S_FLAGS="lock nproc" +# You can set various ulimit flags and they will be inherited by the +# vserver. You enter here various command line argument of ulimit +# ULIMIT="-H -u 200" +# The example above, combined with the nproc S_FLAGS will limit the +# vserver to a maximum of 200 processes +ULIMIT="-H -u 1000" +# You can set various capabilities. By default, the vserver are run +# with a limited set, so you can let root run in a vserver and not +# worry about it. He can't take over the machine. In some cases +# you can to give a little more capabilities (such as CAP_NET_RAW) +# S_CAPS="CAP_NET_RAW" +S_CAPS=""