# apply via lxc profile add container-name--net k8s
# to apply privileges, you need to restart the container-name--net
config:
  linux.kernel_modules: br_netfilter,ip_tables,ip6_tables,netlink_diag,nf_nat,xt_nat,overlay
  raw.lxc: |-
    lxc.apparmor.profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.entry = /dev/kmsg dev/kmsg none defaults,bind,create=file
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop =
  security.nesting: "true"
  security.privileged: "true"
description: ""
name: k8s
used_by: []
