1 files changed, 45 insertions, 0 deletions

diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go
new file mode 100644
index 0000000000..a1ecb04d76
--- /dev/null
+++ b/runtime/execdriver/native/template/default_template.go
@@ -0,0 +1,45 @@
+package template
+
+import (
+	"github.com/dotcloud/docker/pkg/cgroups"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+)
+
+// New returns the docker default configuration for libcontainer
+func New() *libcontainer.Container {
+	container := &libcontainer.Container{
+		CapabilitiesMask: libcontainer.Capabilities{
+			libcontainer.GetCapability("SETPCAP"),
+			libcontainer.GetCapability("SYS_MODULE"),
+			libcontainer.GetCapability("SYS_RAWIO"),
+			libcontainer.GetCapability("SYS_PACCT"),
+			libcontainer.GetCapability("SYS_ADMIN"),
+			libcontainer.GetCapability("SYS_NICE"),
+			libcontainer.GetCapability("SYS_RESOURCE"),
+			libcontainer.GetCapability("SYS_TIME"),
+			libcontainer.GetCapability("SYS_TTY_CONFIG"),
+			libcontainer.GetCapability("AUDIT_WRITE"),
+			libcontainer.GetCapability("AUDIT_CONTROL"),
+			libcontainer.GetCapability("MAC_OVERRIDE"),
+			libcontainer.GetCapability("MAC_ADMIN"),
+			libcontainer.GetCapability("NET_ADMIN"),
+			libcontainer.GetCapability("MKNOD"),
+		},
+		Namespaces: libcontainer.Namespaces{
+			libcontainer.GetNamespace("NEWNS"),
+			libcontainer.GetNamespace("NEWUTS"),
+			libcontainer.GetNamespace("NEWIPC"),
+			libcontainer.GetNamespace("NEWPID"),
+			libcontainer.GetNamespace("NEWNET"),
+		},
+		Cgroups: &cgroups.Cgroup{
+			Parent:       "docker",
+			DeviceAccess: false,
+		},
+		Context: libcontainer.Context{
+			"apparmor_profile": "docker-default",
+		},
+	}
+	container.CapabilitiesMask.Get("MKNOD").Enabled = true
+	return container
+}