/
proc
/
1387184
/
root
/
snap
/
lxd
/
current
/
share
/
lxd-documentation
/
reference
/
projects
/
File Upload :
llllll
Current File: //proc/1387184/root/snap/lxd/current/share/lxd-documentation/reference/projects/index.html
<!doctype html> <html class="no-js" lang="en" data-content_root="../../"> <head><meta charset="utf-8"/> <meta name="viewport" content="width=device-width,initial-scale=1"/> <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" /> <meta property="og:title" content="Project configuration" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://documentation.ubuntu.com/lxd/latest/reference/projects/" /> <meta property="og:site_name" content="LXD documentation" /> <meta property="og:description" content="Projects can be configured through a set of key/value configuration options. See Configure a project for instructions on how to set these options. The key/value configuration is namespaced. The fol..." /> <meta property="og:image" content="https://documentation.ubuntu.com/lxd/latest/_static/tag.png" /> <meta property="og:image:alt" content="LXD documentation" /> <meta name="description" content="Projects can be configured through a set of key/value configuration options. See Configure a project for instructions on how to set these options. The key/value configuration is namespaced. The fol..." /> <link rel="index" title="Index" href="../../genindex/" /><link rel="search" title="Search" href="../../search/" /><link rel="next" title="Storage drivers" href="../storage_drivers/" /><link rel="prev" title="Preseed YAML file fields" href="../preseed_yaml_fields/" /> <link rel="canonical" href="https://documentation.ubuntu.com/lxd/reference/projects/" /> <link rel="shortcut icon" href="../../_static/favicon.ico"/><!-- Generated with Sphinx 8.2.3 and Furo 2025.07.19 --> <title>Project configuration</title> <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=d111a655" /> <link rel="stylesheet" type="text/css" href="../../_static/styles/furo.css?v=25af2a20" /> <link rel="stylesheet" type="text/css" href="../../_static/copybutton.css?v=76b2166b" /> <link rel="stylesheet" type="text/css" href="../../_static/youtube.css" /> <link rel="stylesheet" type="text/css" href="../../_static/related-links.css" /> <link rel="stylesheet" type="text/css" href="../../_static/terminal-output.css" /> <link rel="stylesheet" type="text/css" href="../../_static/config-options.css" /> <link rel="stylesheet" type="text/css" href="../../_static/sphinx-design.min.css?v=95c83b7e" /> <link rel="stylesheet" type="text/css" href="../../_static/styles/furo-extensions.css?v=8dab3a3b" /> <link rel="stylesheet" type="text/css" href="../../_static/custom.css?v=66d86e9d" /> <link rel="stylesheet" type="text/css" href="../../_static/header.css?v=84f70f09" /> <link rel="stylesheet" type="text/css" href="../../_static/github_issue_links.css?v=af88fb93" /> <link rel="stylesheet" type="text/css" href="../../_static/furo_colors.css?v=c4ccdb8a" /> <link rel="stylesheet" type="text/css" href="../../_static/footer.css?v=bd05fc90" /> <link rel="stylesheet" type="text/css" href="../../_static/cookie-banner.css?v=b74831ab" /> </head> <body> <header id="header" class="p-navigation"> <script type="module" src="../../_static/js/bundle.js"> </script> <!-- Google Tag Manager --> <script> (function(w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0]; var j = d.createElement(s); var dl = ''; if (l != 'dataLayer') { dl = '&l=' + l; } j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-KNX3CJC'); </script> <div class="p-navigation__nav" role="menubar"> <ul class="p-navigation__links" role="menu"> <li> <a class="p-logo" href="https://canonical.com/lxd" aria-current="page"> <img src="../../_static/tag.png" alt="Logo" class="p-logo-image"> <div class="p-logo-text p-heading--4">LXD </div> </a> </li> <li class="nav-ubuntu-com"> <a href="https://canonical.com/lxd" class="p-navigation__link">canonical.com/lxd</a> </li> <li> <a href="#" class="p-navigation__link nav-more-links">More resources</a> <ul class="more-links-dropdown"> <li> <a href="https://ubuntu.com/lxd/install/" class="p-navigation__sub-link p-dropdown__link">Install LXD</a> </li> <li> <a href="https://ubuntu.com/lxd/manage/" class="p-navigation__sub-link p-dropdown__link">Manage LXD</a> </li> <li> <a href="https://discourse.ubuntu.com/c/lxd/" class="p-navigation__sub-link p-dropdown__link">Forum</a> </li> <li> <a href="https://github.com/canonical/lxd" class="p-navigation__sub-link p-dropdown__link">GitHub</a> </li> </ul> </li> </ul> </div> </header> <script> document.body.dataset.theme = localStorage.getItem("theme") || "auto"; </script> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-toc" viewBox="0 0 24 24"> <title>Contents</title> <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024"> <path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"> <title>Menu</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu"> <line x1="3" y1="12" x2="21" y2="12"></line> <line x1="3" y1="6" x2="21" y2="6"></line> <line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"> <title>Expand</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right"> <polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <symbol id="svg-sun" viewBox="0 0 24 24"> <title>Light mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="feather-sun"> <circle cx="12" cy="12" r="5"></circle> <line x1="12" y1="1" x2="12" y2="3"></line> <line x1="12" y1="21" x2="12" y2="23"></line> <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line> <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line> <line x1="1" y1="12" x2="3" y2="12"></line> <line x1="21" y1="12" x2="23" y2="12"></line> <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line> <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line> </svg> </symbol> <symbol id="svg-moon" viewBox="0 0 24 24"> <title>Dark mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon"> <path stroke="none" d="M0 0h24v24H0z" fill="none" /> <path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" /> </svg> </symbol> <symbol id="svg-sun-with-moon" viewBox="0 0 24 24"> <title>Auto light/dark, in light mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-custom-derived-from-feather-sun-and-tabler-moon"> <path style="opacity: 50%" d="M 5.411 14.504 C 5.471 14.504 5.532 14.504 5.591 14.504 C 3.639 16.319 4.383 19.569 6.931 20.352 C 7.693 20.586 8.512 20.551 9.25 20.252 C 8.023 23.207 4.056 23.725 2.11 21.184 C 0.166 18.642 1.702 14.949 4.874 14.536 C 5.051 14.512 5.231 14.5 5.411 14.5 L 5.411 14.504 Z"/> <line x1="14.5" y1="3.25" x2="14.5" y2="1.25"/> <line x1="14.5" y1="15.85" x2="14.5" y2="17.85"/> <line x1="10.044" y1="5.094" x2="8.63" y2="3.68"/> <line x1="19" y1="14.05" x2="20.414" y2="15.464"/> <line x1="8.2" y1="9.55" x2="6.2" y2="9.55"/> <line x1="20.8" y1="9.55" x2="22.8" y2="9.55"/> <line x1="10.044" y1="14.006" x2="8.63" y2="15.42"/> <line x1="19" y1="5.05" x2="20.414" y2="3.636"/> <circle cx="14.5" cy="9.55" r="3.6"/> </svg> </symbol> <symbol id="svg-moon-with-sun" viewBox="0 0 24 24"> <title>Auto light/dark, in dark mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-custom-derived-from-feather-sun-and-tabler-moon"> <path d="M 8.282 7.007 C 8.385 7.007 8.494 7.007 8.595 7.007 C 5.18 10.184 6.481 15.869 10.942 17.24 C 12.275 17.648 13.706 17.589 15 17.066 C 12.851 22.236 5.91 23.143 2.505 18.696 C -0.897 14.249 1.791 7.786 7.342 7.063 C 7.652 7.021 7.965 7 8.282 7 L 8.282 7.007 Z"/> <line style="opacity: 50%" x1="18" y1="3.705" x2="18" y2="2.5"/> <line style="opacity: 50%" x1="18" y1="11.295" x2="18" y2="12.5"/> <line style="opacity: 50%" x1="15.316" y1="4.816" x2="14.464" y2="3.964"/> <line style="opacity: 50%" x1="20.711" y1="10.212" x2="21.563" y2="11.063"/> <line style="opacity: 50%" x1="14.205" y1="7.5" x2="13.001" y2="7.5"/> <line style="opacity: 50%" x1="21.795" y1="7.5" x2="23" y2="7.5"/> <line style="opacity: 50%" x1="15.316" y1="10.184" x2="14.464" y2="11.036"/> <line style="opacity: 50%" x1="20.711" y1="4.789" x2="21.563" y2="3.937"/> <circle style="opacity: 50%" cx="18" cy="7.5" r="2.169"/> </svg> </symbol> <symbol id="svg-pencil" viewBox="0 0 24 24"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-pencil-code"> <path d="M4 20h4l10.5 -10.5a2.828 2.828 0 1 0 -4 -4l-10.5 10.5v4" /> <path d="M13.5 6.5l4 4" /> <path d="M20 21l2 -2l-2 -2" /> <path d="M17 17l-2 2l2 2" /> </svg> </symbol> <symbol id="svg-eye" viewBox="0 0 24 24"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-eye-code"> <path stroke="none" d="M0 0h24v24H0z" fill="none" /> <path d="M10 12a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" /> <path d="M11.11 17.958c-3.209 -.307 -5.91 -2.293 -8.11 -5.958c2.4 -4 5.4 -6 9 -6c3.6 0 6.6 2 9 6c-.21 .352 -.427 .688 -.647 1.008" /> <path d="M20 21l2 -2l-2 -2" /> <path d="M17 17l-2 2l2 2" /> </svg> </symbol> </svg> <input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation"> <input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc"> <label class="overlay sidebar-overlay" for="__navigation"> <div class="visually-hidden">Hide navigation sidebar</div> </label> <label class="overlay toc-overlay" for="__toc"> <div class="visually-hidden">Hide table of contents sidebar</div> </label> <a class="skip-to-content muted-link" href="#furo-main-content">Skip to content</a> <div class="page"> <header class="mobile-header"> <div class="header-left"> <label class="nav-overlay-icon" for="__navigation"> <div class="visually-hidden">Toggle site navigation sidebar</div> <i class="icon"><svg><use href="#svg-menu"></use></svg></i> </label> </div> <div class="header-center"> <a href="../../"><div class="brand">LXD</div></a> </div> <div class="header-right"> <div class="theme-toggle-container theme-toggle-header"> <button class="theme-toggle"> <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div> <svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg> <svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg> <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg> <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg> </button> </div> <label class="toc-overlay-icon toc-header-icon" for="__toc"> <div class="visually-hidden">Toggle table of contents sidebar</div> <i class="icon"><svg><use href="#svg-toc"></use></svg></i> </label> </div> </header> <aside class="sidebar-drawer"> <div class="sidebar-container"> <div class="sidebar-sticky"><a class="sidebar-brand" href="../../"> </a><form class="sidebar-search-container" method="get" action="../../search/" role="search"> <input class="sidebar-search" placeholder="Search" name="q" aria-label="Search"> <input type="submit" value="Go"> <input type="hidden" name="check_keywords" value="yes"> <input type="hidden" name="area" value="default"> </form> <div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree"> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="../../">LXD</a></li> <li class="toctree-l1 has-children"><a class="reference internal" href="../../tutorial/">Tutorials</a><input class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><div class="visually-hidden">Toggle navigation of Tutorials</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l2"><a class="reference internal" href="../../tutorial/first_steps/">First steps with LXD</a></li> <li class="toctree-l2"><a class="reference internal" href="../../tutorial/ui/">Getting started with the UI</a></li> </ul> </li> <li class="toctree-l1 has-children"><a class="reference internal" href="../../howto/">How-to guides</a><input class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" role="switch" type="checkbox"/><label for="toctree-checkbox-2"><div class="visually-hidden">Toggle navigation of How-to guides</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l2 has-children"><a class="reference internal" href="../../getting_started/">Getting started</a><input class="toctree-checkbox" id="toctree-checkbox-3" name="toctree-checkbox-3" role="switch" type="checkbox"/><label for="toctree-checkbox-3"><div class="visually-hidden">Toggle navigation of Getting started</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../installing/">Install LXD</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/initialize/">Initialize LXD</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/access_ui/">Access the UI</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/access_documentation/">Access documentation locally</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../operation/">LXD server and client</a><input class="toctree-checkbox" id="toctree-checkbox-4" name="toctree-checkbox-4" role="switch" type="checkbox"/><label for="toctree-checkbox-4"><div class="visually-hidden">Toggle navigation of LXD server and client</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/server_expose/">Expose LXD to the network</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/server_configure/">Configure the LXD server</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/oidc_auth0/">Configure OIDC authentication with Auth0</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/oidc_ory/">Configure OIDC authentication with Ory Hydra</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/oidc_keycloak/">Configure OIDC authentication with Keycloak</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/oidc_entra_id/">Configure OIDC authentication with Microsoft Entra ID</a></li> <li class="toctree-l3"><a class="reference internal" href="../../remotes/">Add remote servers</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/lxc_alias/">Add command aliases</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../instances/">Instances</a><input class="toctree-checkbox" id="toctree-checkbox-5" name="toctree-checkbox-5" role="switch" type="checkbox"/><label for="toctree-checkbox-5"><div class="visually-hidden">Toggle navigation of Instances</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_create/">Create instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_configure/">Configure instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_manage/">Manage instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../profiles/">Use profiles</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_troubleshoot/">Troubleshoot errors</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_ubuntu_pro_attach/">Auto attach Ubuntu Pro</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_access_files/">Access files</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_console/">Access the console</a></li> <li class="toctree-l3"><a class="reference internal" href="../../instance-exec/">Run commands</a></li> <li class="toctree-l3"><a class="reference internal" href="../../cloud-init/">Use cloud-init</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_routed_nic_vm/">Add a routed NIC to a VM</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_backup/">Back up instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_migrate/">Migrate instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/import_machines_to_instances/">Import existing machines</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/container_gpu_passthrough_with_docker/">Pass NVIDIA GPUs</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../images/">Images</a><input class="toctree-checkbox" id="toctree-checkbox-6" name="toctree-checkbox-6" role="switch" type="checkbox"/><label for="toctree-checkbox-6"><div class="visually-hidden">Toggle navigation of Images</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/images_remote/">Use remote images</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/images_manage/">Manage images</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/images_profiles/">Associate profiles</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/images_copy/">Copy and import images</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/images_create/">Create images</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../projects/">Projects</a><input class="toctree-checkbox" id="toctree-checkbox-7" name="toctree-checkbox-7" role="switch" type="checkbox"/><label for="toctree-checkbox-7"><div class="visually-hidden">Toggle navigation of Projects</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/projects_create/">Create and configure</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/projects_work/">Work with projects</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/projects_confine/">Confine users to projects</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../storage/">Storage</a><input class="toctree-checkbox" id="toctree-checkbox-8" name="toctree-checkbox-8" role="switch" type="checkbox"/><label for="toctree-checkbox-8"><div class="visually-hidden">Toggle navigation of Storage</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/storage_pools/">Manage pools</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/storage_volumes/">Manage volumes</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/storage_buckets/">Manage buckets</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/storage_create_instance/">Create an instance in a pool</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/storage_backup_volume/">Back up a volume</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/storage_move_volume/">Move or copy a volume</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../networks/">Networking</a><input class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" role="switch" type="checkbox"/><label for="toctree-checkbox-9"><div class="visually-hidden">Toggle navigation of Networking</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_create/">Create a network</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_configure/">Configure a network</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_bgp/">Configure as BGP server</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_acls/">Configure network ACLs</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_forwards/">Configure forwards</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_zones/">Configure network zones</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_firewalld/">Configure your firewall</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_resolved/">Integrate with resolved</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_ovn_setup/">Set up OVN</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_load_balancers/">Configure load balancers</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_ovn_peers/">Configure peer routing</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_ipam/">Display IPAM information</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../clustering/">Clustering</a><input class="toctree-checkbox" id="toctree-checkbox-10" name="toctree-checkbox-10" role="switch" type="checkbox"/><label for="toctree-checkbox-10"><div class="visually-hidden">Toggle navigation of Clustering</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_form/">Form a cluster</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_manage/">Manage a cluster</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_config_networks/">Configure networks</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_config_storage/">Configure storage</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_manage_instance/">Manage instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_groups/">Set up cluster groups</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_recover/">Recover a cluster</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../production-setup/">Production setup</a><input class="toctree-checkbox" id="toctree-checkbox-11" name="toctree-checkbox-11" role="switch" type="checkbox"/><label for="toctree-checkbox-11"><div class="visually-hidden">Toggle navigation of Production setup</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/benchmark_performance/">Benchmark performance</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_increase_bandwidth/">Increase bandwidth</a></li> <li class="toctree-l3"><a class="reference internal" href="../../metrics/">Monitor metrics</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/logs_loki/">Send logs to Loki</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/grafana/">Set up Grafana</a></li> <li class="toctree-l3"><a class="reference internal" href="../../backup/">Back up a server</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/disaster_recovery/">Recover instances</a></li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="../../howto/snap/">Manage the snap</a></li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../howto/troubleshoot/">Troubleshooting</a><input class="toctree-checkbox" id="toctree-checkbox-12" name="toctree-checkbox-12" role="switch" type="checkbox"/><label for="toctree-checkbox-12"><div class="visually-hidden">Toggle navigation of Troubleshooting</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_firewalld/">Configure your firewall</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/instances_troubleshoot/">Troubleshoot instances</a></li> <li class="toctree-l3"><a class="reference internal" href="../../howto/dqlite_troubleshoot/">Troubleshoot Dqlite</a></li> <li class="toctree-l3"><a class="reference internal" href="../../debugging/">Debug LXD</a></li> <li class="toctree-l3"><a class="reference internal" href="../../faq/">Frequently asked</a></li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="../../support/">Get support</a></li> <li class="toctree-l2"><a class="reference internal" href="../../contributing/">Contribute to LXD</a></li> </ul> </li> <li class="toctree-l1 has-children"><a class="reference internal" href="../../explanation/">Explanation</a><input class="toctree-checkbox" id="toctree-checkbox-13" name="toctree-checkbox-13" role="switch" type="checkbox"/><label for="toctree-checkbox-13"><div class="visually-hidden">Toggle navigation of Explanation</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l2"><a class="reference internal" href="../../explanation/lxd_lxc/"><code class="docutils literal notranslate"><span class="pre">lxd</span></code> and <code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/instances/">Containers and VMs</a></li> <li class="toctree-l2"><a class="reference internal" href="../../image-handling/">Local and remote images</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/storage/">Storage pools, volumes, and buckets</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/networks/">Networking setups</a></li> <li class="toctree-l2"><a class="reference internal" href="../../database/">The LXD Dqlite database</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/lxc_show_info/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code> <code class="docutils literal notranslate"><span class="pre">show</span></code> and <code class="docutils literal notranslate"><span class="pre">info</span></code></a></li> <li class="toctree-l2"><a class="reference internal" href="../../authentication/">Remote API authentication</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/authorization/">Remote API authorization</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/projects/">Instances grouping with projects</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/clusters/">Clusters</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/performance_tuning/">Performance tuning</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/security/">Security</a></li> <li class="toctree-l2"><a class="reference internal" href="../../explanation/bpf/">Privilege delegation using BPF Token</a></li> </ul> </li> <li class="toctree-l1 current has-children"><a class="reference internal" href="../">Reference</a><input checked="" class="toctree-checkbox" id="toctree-checkbox-14" name="toctree-checkbox-14" role="switch" type="checkbox"/><label for="toctree-checkbox-14"><div class="visually-hidden">Toggle navigation of Reference</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul class="current"> <li class="toctree-l2"><a class="reference internal" href="../../requirements/">Requirements</a></li> <li class="toctree-l2"><a class="reference internal" href="../../architectures/">Architectures</a></li> <li class="toctree-l2"><a class="reference internal" href="../releases-snap/">Releases and snap</a></li> <li class="toctree-l2"><a class="reference internal" href="../remote_image_servers/">Remote image servers</a></li> <li class="toctree-l2"><a class="reference internal" href="../image_format/">Image format</a></li> <li class="toctree-l2"><a class="reference internal" href="../../guest-os-compatibility/">Guest OS compatibility</a></li> <li class="toctree-l2"><a class="reference internal" href="../../container-environment/">Container environment</a></li> <li class="toctree-l2"><a class="reference internal" href="../../config-options/">Configuration option index</a></li> <li class="toctree-l2"><a class="reference internal" href="../../server/">Server configuration</a></li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../explanation/instance_config/">Instance configuration</a><input class="toctree-checkbox" id="toctree-checkbox-15" name="toctree-checkbox-15" role="switch" type="checkbox"/><label for="toctree-checkbox-15"><div class="visually-hidden">Toggle navigation of Instance configuration</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../instance_properties/">Instance properties</a></li> <li class="toctree-l3"><a class="reference internal" href="../instance_options/">Instance options</a></li> <li class="toctree-l3 has-children"><a class="reference internal" href="../devices/">Devices</a><input class="toctree-checkbox" id="toctree-checkbox-16" name="toctree-checkbox-16" role="switch" type="checkbox"/><label for="toctree-checkbox-16"><div class="visually-hidden">Toggle navigation of Devices</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l4"><a class="reference internal" href="../standard_devices/">Standard devices</a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_none/">Type: <code class="docutils literal notranslate"><span class="pre">none</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_nic/">Type: <code class="docutils literal notranslate"><span class="pre">nic</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_disk/">Type: <code class="docutils literal notranslate"><span class="pre">disk</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_unix_char/">Type: <code class="docutils literal notranslate"><span class="pre">unix-char</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_unix_block/">Type: <code class="docutils literal notranslate"><span class="pre">unix-block</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_usb/">Type: <code class="docutils literal notranslate"><span class="pre">usb</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_gpu/">Type: <code class="docutils literal notranslate"><span class="pre">gpu</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_infiniband/">Type: <code class="docutils literal notranslate"><span class="pre">infiniband</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_proxy/">Type: <code class="docutils literal notranslate"><span class="pre">proxy</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_unix_hotplug/">Type: <code class="docutils literal notranslate"><span class="pre">unix-hotplug</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_tpm/">Type: <code class="docutils literal notranslate"><span class="pre">tpm</span></code></a></li> <li class="toctree-l4"><a class="reference internal" href="../devices_pci/">Type: <code class="docutils literal notranslate"><span class="pre">pci</span></code></a></li> </ul> </li> <li class="toctree-l3"><a class="reference internal" href="../instance_units/">Units for storage and network limits</a></li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="../preseed_yaml_fields/">Preseed YAML file fields</a></li> <li class="toctree-l2 current current-page"><a class="current reference internal" href="#">Project configuration</a></li> <li class="toctree-l2 has-children"><a class="reference internal" href="../storage_drivers/">Storage drivers</a><input class="toctree-checkbox" id="toctree-checkbox-17" name="toctree-checkbox-17" role="switch" type="checkbox"/><label for="toctree-checkbox-17"><div class="visually-hidden">Toggle navigation of Storage drivers</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../storage_btrfs/">Btrfs - <code class="docutils literal notranslate"><span class="pre">btrfs</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_cephfs/">CephFS - <code class="docutils literal notranslate"><span class="pre">cephfs</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_cephobject/">Ceph Object - <code class="docutils literal notranslate"><span class="pre">cephobject</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_ceph/">Ceph RBD - <code class="docutils literal notranslate"><span class="pre">ceph</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_powerflex/">Dell PowerFlex - <code class="docutils literal notranslate"><span class="pre">powerflex</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_pure/">Pure Storage - <code class="docutils literal notranslate"><span class="pre">pure</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_dir/">Directory - <code class="docutils literal notranslate"><span class="pre">dir</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_lvm/">LVM - <code class="docutils literal notranslate"><span class="pre">lvm</span></code></a></li> <li class="toctree-l3"><a class="reference internal" href="../storage_zfs/">ZFS - <code class="docutils literal notranslate"><span class="pre">zfs</span></code></a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../networks/">Networks</a><input class="toctree-checkbox" id="toctree-checkbox-18" name="toctree-checkbox-18" role="switch" type="checkbox"/><label for="toctree-checkbox-18"><div class="visually-hidden">Toggle navigation of Networks</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../network_bridge/">Bridge network</a></li> <li class="toctree-l3"><a class="reference internal" href="../network_ovn/">OVN network</a></li> <li class="toctree-l3"><a class="reference internal" href="../network_macvlan/">Macvlan network</a></li> <li class="toctree-l3"><a class="reference internal" href="../network_physical/">Physical network</a></li> <li class="toctree-l3"><a class="reference internal" href="../network_sriov/">SR-IOV network</a></li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="../cluster_member_config/">Cluster configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="../server_settings/">Production server settings</a></li> <li class="toctree-l2"><a class="reference internal" href="../provided_metrics/">Provided metrics</a></li> <li class="toctree-l2"><a class="reference internal" href="../permissions/">Permissions</a></li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../restapi_landing/">REST API</a><input class="toctree-checkbox" id="toctree-checkbox-19" name="toctree-checkbox-19" role="switch" type="checkbox"/><label for="toctree-checkbox-19"><div class="visually-hidden">Toggle navigation of REST API</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../rest-api/">Main API documentation</a></li> <li class="toctree-l3"><a class="reference internal" href="../../api/">Main API specification</a></li> <li class="toctree-l3"><a class="reference internal" href="../../api-extensions/">Main API extensions</a></li> <li class="toctree-l3"><a class="reference internal" href="../../events/">Events API documentation</a></li> <li class="toctree-l3"><a class="reference internal" href="../../dev-lxd/">Instance API</a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../manpages/">Man pages</a><input class="toctree-checkbox" id="toctree-checkbox-20" name="toctree-checkbox-20" role="switch" type="checkbox"/><label for="toctree-checkbox-20"><div class="visually-hidden">Toggle navigation of Man pages</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../manpages/lxc/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li> </ul> </li> <li class="toctree-l2 has-children"><a class="reference internal" href="../../internals/">Internals</a><input class="toctree-checkbox" id="toctree-checkbox-21" name="toctree-checkbox-21" role="switch" type="checkbox"/><label for="toctree-checkbox-21"><div class="visually-hidden">Toggle navigation of Internals</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l3"><a class="reference internal" href="../../environment/">Environment variables</a></li> <li class="toctree-l3"><a class="reference internal" href="../uefi_variables/">UEFI variables for VMs</a></li> <li class="toctree-l3"><a class="reference internal" href="../../daemon-behavior/">Daemon behavior</a></li> <li class="toctree-l3"><a class="reference internal" href="../../syscall-interception/">System call interception</a></li> <li class="toctree-l3"><a class="reference internal" href="../../userns-idmap/">User namespace setup</a></li> <li class="toctree-l3"><a class="reference internal" href="../ovn-internals/">OVN implementation</a></li> <li class="toctree-l3"><a class="reference internal" href="../vm_live_migration_internals/">VM live migration implementation</a></li> </ul> </li> <li class="toctree-l2"><a class="reference external" href="https://github.com/canonical/lxd">Project repository</a></li> <li class="toctree-l2"><a class="reference external" href="https://images.lxd.canonical.com">Image server</a></li> </ul> </li> </ul> </div> </div> </div> </div> </aside> <div class="main"> <div class="content"> <div class="article-container"> <a href="#" class="back-to-top muted-link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> <path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path> </svg> <span>Back to top</span> </a> <div class="content-icon-container"> <div class="view-this-page"> <a class="muted-link" href="../../_sources/reference/projects.md.txt" title="View this page"> <svg><use href="#svg-eye"></use></svg> <span class="visually-hidden">View this page</span> </a> </div> <div class="theme-toggle-container theme-toggle-content"> <button class="theme-toggle"> <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div> <svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg> <svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg> <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg> <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg> </button> </div> <label class="toc-overlay-icon toc-content-icon" for="__toc"> <div class="visually-hidden">Toggle table of contents sidebar</div> <i class="icon"><svg><use href="#svg-toc"></use></svg></i> </label> </div> <article role="main" id="furo-main-content"> <section id="project-configuration"> <span id="ref-projects"></span><h1>Project configuration<a class="headerlink" href="#project-configuration" title="Link to this heading">¶</a></h1> <p>Projects can be configured through a set of key/value configuration options. See <a class="reference internal" href="../../howto/projects_create/#projects-configure"><span class="std std-ref">Configure a project</span></a> for instructions on how to set these options.</p> <p>The key/value configuration is namespaced. The following options are available:</p> <ul class="simple"> <li><p><a class="reference internal" href="#project-features"><span class="std std-ref">Project features</span></a></p></li> <li><p><a class="reference internal" href="#project-limits"><span class="std std-ref">Project limits</span></a></p></li> <li><p><a class="reference internal" href="#project-restrictions"><span class="std std-ref">Project restrictions</span></a></p></li> <li><p><a class="reference internal" href="#project-specific-config"><span class="std std-ref">Project-specific configuration</span></a></p></li> </ul> <section id="project-features"> <span id="id1"></span><h2>Project features<a class="headerlink" href="#project-features" title="Link to this heading">¶</a></h2> <p>The project features define which entities are isolated in the project and which are inherited from the <code class="docutils literal notranslate"><span class="pre">default</span></code> project.</p> <p>If a <code class="docutils literal notranslate"><span class="pre">feature.*</span></code> option is set to <code class="docutils literal notranslate"><span class="pre">true</span></code>, the corresponding entity is isolated in the project.</p> <div class="admonition note"> <p class="admonition-title">Note</p> <p>When you create a project without explicitly configuring a specific option, this option is set to the initial value given in the following table.</p> <p>However, if you unset one of the <code class="docutils literal notranslate"><span class="pre">feature.*</span></code> options, it does not go back to the initial value, but to the default value. The default value for all <code class="docutils literal notranslate"><span class="pre">feature.*</span></code> options is <code class="docutils literal notranslate"><span class="pre">false</span></code>.</p> </div> <div class="configoption docutils container" id="project-features:features.images"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">features.images</span></code></span><span class="shortdesc"><p>Whether to use a separate set of images for the project</p> </span><span class="anchor"><a class="reference external" href="#project-features:features.images"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">features.images</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> <tr class="row-even"><td><strong>Initial value: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>This setting applies to both images and image aliases.</p> </div> </div> <div class="configoption docutils container" id="project-features:features.networks"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">features.networks</span></code></span><span class="shortdesc"><p>Whether to use a separate set of networks for the project</p> </span><span class="anchor"><a class="reference external" href="#project-features:features.networks"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">features.networks</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> <tr class="row-even"><td><strong>Initial value: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-features:features.networks.zones"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">features.networks.zones</span></code></span><span class="shortdesc"><p>Whether to use a separate set of network zones for the project</p> </span><span class="anchor"><a class="reference external" href="#project-features:features.networks.zones"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">features.networks.zones</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> <tr class="row-even"><td><strong>Initial value: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-features:features.profiles"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">features.profiles</span></code></span><span class="shortdesc"><p>Whether to use a separate set of profiles for the project</p> </span><span class="anchor"><a class="reference external" href="#project-features:features.profiles"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">features.profiles</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> <tr class="row-even"><td><strong>Initial value: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-features:features.storage.buckets"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">features.storage.buckets</span></code></span><span class="shortdesc"><p>Whether to use a separate set of storage buckets for the project</p> </span><span class="anchor"><a class="reference external" href="#project-features:features.storage.buckets"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">features.storage.buckets</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> <tr class="row-even"><td><strong>Initial value: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-features:features.storage.volumes"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">features.storage.volumes</span></code></span><span class="shortdesc"><p>Whether to use a separate set of storage volumes for the project</p> </span><span class="anchor"><a class="reference external" href="#project-features:features.storage.volumes"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">features.storage.volumes</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> <tr class="row-even"><td><strong>Initial value: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p> </span></td> </tr> </tbody> </table> </div> </div> </div> </section> <section id="project-limits"> <span id="id2"></span><h2>Project limits<a class="headerlink" href="#project-limits" title="Link to this heading">¶</a></h2> <p>Project limits define a hard upper bound for the resources that can be used by the containers and VMs that belong to a project.</p> <p>Depending on the <code class="docutils literal notranslate"><span class="pre">limits.*</span></code> option, the limit applies to the number of entities that are allowed in the project (for example, <a class="configref reference internal" href="#project-limits:limits.containers"><code class="docutils literal notranslate"><span class="pre">limits.containers</span></code></a> or <a class="configref reference internal" href="#project-limits:limits.networks"><code class="docutils literal notranslate"><span class="pre">limits.networks</span></code></a>) or to the aggregate value of resource usage for all instances in the project (for example, <a class="configref reference internal" href="#project-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> or <a class="configref reference internal" href="#project-limits:limits.processes"><code class="docutils literal notranslate"><span class="pre">limits.processes</span></code></a>). In the latter case, the limit usually applies to the <a class="reference internal" href="../instance_options/#instance-options-limits"><span class="std std-ref">Resource limits</span></a> that are configured for each instance (either directly or via a profile), and not to the resources that are actually in use.</p> <p>For example, if you set the project’s <a class="configref reference internal" href="#project-limits:limits.memory"><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></a> configuration to <code class="docutils literal notranslate"><span class="pre">50GiB</span></code>, the sum of the individual values of all <a class="configref reference internal" href="../instance_options/#instance-resource-limits:limits.memory"><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></a> configuration keys defined on the project’s instances will be kept under 50 GiB.</p> <p>Similarly, setting the project’s <a class="configref reference internal" href="#project-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> configuration key to <code class="docutils literal notranslate"><span class="pre">100</span></code> means that the sum of individual <a class="configref reference internal" href="../instance_options/#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> values will be kept below 100.</p> <p>When using project limits, the following conditions must be fulfilled:</p> <ul class="simple"> <li><p>When you set one of the <code class="docutils literal notranslate"><span class="pre">limits.*</span></code> configurations and there is a corresponding configuration for the instance, all instances in the project must have the corresponding configuration defined (either directly or via a profile). See <a class="reference internal" href="../instance_options/#instance-options-limits"><span class="std std-ref">Resource limits</span></a> for the instance configuration options.</p></li> <li><p>The <a class="configref reference internal" href="#project-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> configuration cannot be used if <a class="reference internal" href="../instance_options/#instance-options-limits-cpu"><span class="std std-ref">CPU pinning</span></a> is enabled. This means that to use <a class="configref reference internal" href="#project-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> on a project, the <a class="configref reference internal" href="../instance_options/#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> configuration of each instance in the project must be set to a number of CPUs, not a set or a range of CPUs.</p></li> <li><p>The <a class="configref reference internal" href="#project-limits:limits.memory"><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></a> configuration must be set to an absolute value, not a percentage.</p></li> </ul> <div class="configoption docutils container" id="project-limits:limits.containers"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.containers</span></code></span><span class="shortdesc"><p>Maximum number of containers that can be created in the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.containers"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.containers</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-limits:limits.cpu"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></span><span class="shortdesc"><p>Maximum number of CPUs to use in the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.cpu"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> <p>This value is the maximum value for the sum of the individual <a class="configref reference internal" href="../instance_options/#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> configurations set on the instances of the project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.disk"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.disk</span></code></span><span class="shortdesc"><p>Maximum disk space used by the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.disk"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.disk</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>This value is the maximum value of the aggregate disk space used by all instance volumes, custom volumes, and images of the project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.disk.pool.POOL_NAME"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.disk.pool.POOL_NAME</span></code></span><span class="shortdesc"><p>Maximum disk space used by the project on this pool</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.disk.pool.POOL_NAME"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.disk.pool.POOL_NAME</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>This value is the maximum value of the aggregate disk space used by all instance volumes, custom volumes, and images of the project on this specific storage pool.</p> <p>When set to 0, the pool is excluded from storage pool list for the project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.instances"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.instances</span></code></span><span class="shortdesc"><p>Maximum number of instances that can be created in the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.instances"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.instances</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-limits:limits.memory"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></span><span class="shortdesc"><p>Usage limit for the host’s memory for the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.memory"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>The value is the maximum value for the sum of the individual <a class="configref reference internal" href="../instance_options/#instance-resource-limits:limits.memory"><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></a> configurations set on the instances of the project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.networks"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.networks</span></code></span><span class="shortdesc"><p>Maximum number of networks that the project can have</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.networks"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.networks</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-limits:limits.networks.uplink_ips.ipv4.NETWORK_NAME"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.networks.uplink_ips.ipv4.NETWORK_NAME</span></code></span><span class="shortdesc"><p>Quota of IPv4 addresses from a specified uplink network that can be used by entities in this project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.networks.uplink_ips.ipv4.NETWORK_NAME"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.networks.uplink_ips.ipv4.NETWORK_NAME</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>Maximum number of IPv4 addresses that this project can consume from the specified uplink network. This number of IPs can be consumed by networks, forwards and load balancers in this project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.networks.uplink_ips.ipv6.NETWORK_NAME"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.networks.uplink_ips.ipv6.NETWORK_NAME</span></code></span><span class="shortdesc"><p>Quota of IPv6 addresses from a specified uplink network that can be used by entities in this project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.networks.uplink_ips.ipv6.NETWORK_NAME"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.networks.uplink_ips.ipv6.NETWORK_NAME</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>Maximum number of IPv6 addresses that this project can consume from the specified uplink network. This number of IPs can be consumed by networks, forwards and load balancers in this project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.processes"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.processes</span></code></span><span class="shortdesc"><p>Maximum number of processes within the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.processes"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.processes</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> <p>This value is the maximum value for the sum of the individual <a class="configref reference internal" href="../instance_options/#instance-resource-limits:limits.processes"><code class="docutils literal notranslate"><span class="pre">limits.processes</span></code></a> configurations set on the instances of the project.</p> </div> </div> <div class="configoption docutils container" id="project-limits:limits.virtual-machines"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">limits.virtual-machines</span></code></span><span class="shortdesc"><p>Maximum number of VMs that can be created in the project</p> </span><span class="anchor"><a class="reference external" href="#project-limits:limits.virtual-machines"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">limits.virtual-machines</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> </div> </div> </section> <section id="project-restrictions"> <span id="id3"></span><h2>Project restrictions<a class="headerlink" href="#project-restrictions" title="Link to this heading">¶</a></h2> <p>To prevent the instances of a project from accessing security-sensitive features (such as container nesting or raw LXC configuration), set the <a class="configref reference internal" href="#project-restricted:restricted"><code class="docutils literal notranslate"><span class="pre">restricted</span></code></a> configuration option to <code class="docutils literal notranslate"><span class="pre">true</span></code>. You can then use the various <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> options to pick individual features that would normally be blocked by <a class="configref reference internal" href="#project-restricted:restricted"><code class="docutils literal notranslate"><span class="pre">restricted</span></code></a> and allow them, so they can be used by the instances of the project.</p> <p>For example, to restrict a project and block all security-sensitive features, but allow container nesting, enter the following commands:</p> <div class="highlight-none notranslate"><div class="highlight"><pre><span></span>lxc project set <project_name> restricted=true lxc project set <project_name> restricted.containers.nesting=allow </pre></div> </div> <p>Each security-sensitive feature has an associated <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> project configuration option. If you want to allow the usage of a feature, change the value of its <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> option. Most <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> configurations are binary switches that can be set to either <code class="docutils literal notranslate"><span class="pre">block</span></code> (the default) or <code class="docutils literal notranslate"><span class="pre">allow</span></code>. However, some options support other values for more fine-grained control.</p> <div class="admonition note"> <p class="admonition-title">Note</p> <p>You must set the <code class="docutils literal notranslate"><span class="pre">restricted</span></code> configuration to <code class="docutils literal notranslate"><span class="pre">true</span></code> for any of the <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> options to be effective. If <code class="docutils literal notranslate"><span class="pre">restricted</span></code> is set to <code class="docutils literal notranslate"><span class="pre">false</span></code>, changing a <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> option has no effect.</p> <p>Setting all <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> keys to <code class="docutils literal notranslate"><span class="pre">allow</span></code> is equivalent to setting <code class="docutils literal notranslate"><span class="pre">restricted</span></code> itself to <code class="docutils literal notranslate"><span class="pre">false</span></code>.</p> </div> <div class="configoption docutils container" id="project-restricted:restricted"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted</span></code></span><span class="shortdesc"><p>Whether to block access to security-sensitive features</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>This option must be enabled to allow the <code class="docutils literal notranslate"><span class="pre">restricted.*</span></code> keys to take effect. To temporarily remove the restrictions, you can disable this option instead of clearing the related keys.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.backups"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.backups</span></code></span><span class="shortdesc"><p>Whether to prevent creating instance or volume backups</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.backups"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.backups</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.cluster.groups"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.cluster.groups</span></code></span><span class="shortdesc"><p>Cluster groups that can be targeted</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.cluster.groups"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.cluster.groups</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>If specified, this option prevents targeting cluster groups other than the provided ones.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.cluster.target"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.cluster.target</span></code></span><span class="shortdesc"><p>Whether to prevent targeting of cluster members</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.cluster.target"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.cluster.target</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>. When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, this option allows targeting of cluster members (either directly or via a group) when creating or moving instances.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.containers.interception"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.containers.interception</span></code></span><span class="shortdesc"><p>Whether to prevent using system call interception options</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.containers.interception"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.containers.interception</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code>, <code class="docutils literal notranslate"><span class="pre">block</span></code>, or <code class="docutils literal notranslate"><span class="pre">full</span></code>. When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, interception options that are usually safe are allowed. File system mounting remains blocked.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.containers.lowlevel"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.containers.lowlevel</span></code></span><span class="shortdesc"><p>Whether to prevent using low-level container options</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.containers.lowlevel"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.containers.lowlevel</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>. When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, low-level container options like <a class="configref reference internal" href="../instance_options/#instance-raw:raw.lxc"><code class="docutils literal notranslate"><span class="pre">raw.lxc</span></code></a>, <a class="configref reference internal" href="../instance_options/#instance-raw:raw.idmap"><code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></a>, <code class="docutils literal notranslate"><span class="pre">volatile.*</span></code>, etc. can be used.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.containers.nesting"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.containers.nesting</span></code></span><span class="shortdesc"><p>Whether to prevent running nested LXD</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.containers.nesting"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.containers.nesting</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>. When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, <a class="configref reference internal" href="../instance_options/#instance-security:security.nesting"><code class="docutils literal notranslate"><span class="pre">security.nesting</span></code></a> can be set to <code class="docutils literal notranslate"><span class="pre">true</span></code> for an instance.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.containers.privilege"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.containers.privilege</span></code></span><span class="shortdesc"><p>Which settings for privileged containers to prevent</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.containers.privilege"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.containers.privilege</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">unprivileged</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">unprivileged</span></code>, <code class="docutils literal notranslate"><span class="pre">isolated</span></code>, and <code class="docutils literal notranslate"><span class="pre">allow</span></code>.</p> <ul class="simple"> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">unpriviliged</span></code>, this option prevents setting <a class="configref reference internal" href="../instance_options/#instance-security:security.privileged"><code class="docutils literal notranslate"><span class="pre">security.privileged</span></code></a> to <code class="docutils literal notranslate"><span class="pre">true</span></code>.</p></li> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">isolated</span></code>, this option prevents setting <a class="configref reference internal" href="../instance_options/#instance-security:security.privileged"><code class="docutils literal notranslate"><span class="pre">security.privileged</span></code></a> to <code class="docutils literal notranslate"><span class="pre">true</span></code> and forces using a unique idmap per container using <a class="configref reference internal" href="../instance_options/#instance-security:security.idmap.isolated"><code class="docutils literal notranslate"><span class="pre">security.idmap.isolated</span></code></a> set to <code class="docutils literal notranslate"><span class="pre">true</span></code>.</p></li> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, there is no restriction.</p></li> </ul> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.disk"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.disk</span></code></span><span class="shortdesc"><p>Which disk devices can be used</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.disk"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.disk</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">managed</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code>, <code class="docutils literal notranslate"><span class="pre">block</span></code>, or <code class="docutils literal notranslate"><span class="pre">managed</span></code>.</p> <ul> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">block</span></code>, this option prevents using all disk devices except the root one.</p></li> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">managed</span></code>, this option allows using disk devices only if <code class="docutils literal notranslate"><span class="pre">pool=</span></code> is set.</p></li> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, there is no restriction on which disk devices can be used.</p> <div class="admonition important"> <p class="admonition-title">Important</p> <p>When allowing all disk devices, make sure to set <a class="configref reference internal" href="#project-restricted:restricted.devices.disk.paths"><code class="docutils literal notranslate"><span class="pre">restricted.devices.disk.paths</span></code></a> to a list of path prefixes that you want to allow. If you do not restrict the allowed paths, users can attach any disk device, including shifted devices (<code class="docutils literal notranslate"><span class="pre">disk</span></code> devices with <a class="reference internal" href="../devices_disk/#devices-disk-options"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">shift</span></code></span></a> set to <code class="docutils literal notranslate"><span class="pre">true</span></code>), which can be used to gain root access to the system.</p> </div> </li> </ul> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.disk.paths"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.disk.paths</span></code></span><span class="shortdesc"><p>Which <code class="docutils literal notranslate"><span class="pre">source</span></code> can be used for <code class="docutils literal notranslate"><span class="pre">disk</span></code> devices</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.disk.paths"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.disk.paths</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>If <a class="configref reference internal" href="#project-restricted:restricted.devices.disk"><code class="docutils literal notranslate"><span class="pre">restricted.devices.disk</span></code></a> is set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, this option controls which <code class="docutils literal notranslate"><span class="pre">source</span></code> can be used for <code class="docutils literal notranslate"><span class="pre">disk</span></code> devices. Specify a comma-separated list of path prefixes that restrict the <code class="docutils literal notranslate"><span class="pre">source</span></code> setting. If this option is left empty, all paths are allowed.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.gpu"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.gpu</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">gpu</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.gpu"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.gpu</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.infiniband"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.infiniband</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">infiniband</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.infiniband"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.infiniband</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.nic"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.nic</span></code></span><span class="shortdesc"><p>Which network devices can be used</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.nic"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.nic</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">managed</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code>, <code class="docutils literal notranslate"><span class="pre">block</span></code>, or <code class="docutils literal notranslate"><span class="pre">managed</span></code>.</p> <ul class="simple"> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">block</span></code>, this option prevents using all network devices.</p></li> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">managed</span></code>, this option allows using network devices only if <code class="docutils literal notranslate"><span class="pre">network=</span></code> is set.</p></li> <li><p>When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, there is no restriction on which network devices can be used.</p></li> </ul> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.pci"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.pci</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">pci</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.pci"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.pci</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.proxy"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.proxy</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">proxy</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.proxy"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.proxy</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.unix-block"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.unix-block</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">unix-block</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.unix-block"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.unix-block</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.unix-char"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.unix-char</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">unix-char</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.unix-char"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.unix-char</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.unix-hotplug"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.unix-hotplug</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">unix-hotplug</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.unix-hotplug"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.unix-hotplug</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.devices.usb"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.devices.usb</span></code></span><span class="shortdesc"><p>Whether to prevent using devices of type <code class="docutils literal notranslate"><span class="pre">usb</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.devices.usb"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.devices.usb</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.idmap.gid"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.idmap.gid</span></code></span><span class="shortdesc"><p>Which host GID ranges are allowed in <code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.idmap.gid"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.idmap.gid</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>This option specifies the host GID ranges that are allowed in the instance’s <a class="configref reference internal" href="../instance_options/#instance-raw:raw.idmap"><code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></a> setting.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.idmap.uid"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.idmap.uid</span></code></span><span class="shortdesc"><p>Which host UID ranges are allowed in <code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.idmap.uid"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.idmap.uid</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>This option specifies the host UID ranges that are allowed in the instance’s <a class="configref reference internal" href="../instance_options/#instance-raw:raw.idmap"><code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></a> setting.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.networks.access"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.networks.access</span></code></span><span class="shortdesc"><p>Which network names are allowed for use in this project</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.networks.access"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.networks.access</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>Specify a comma-delimited list of network names that are allowed for use in this project. If this option is not set, all networks are accessible.</p> <p>Note that this setting depends on the <a class="configref reference internal" href="#project-restricted:restricted.devices.nic"><code class="docutils literal notranslate"><span class="pre">restricted.devices.nic</span></code></a> setting.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.networks.subnets"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.networks.subnets</span></code></span><span class="shortdesc"><p>Which network subnets are allocated for use in this project</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.networks.subnets"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.networks.subnets</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Specify a comma-delimited list of CIDR network routes from the uplink network’s <a class="configref reference internal" href="../network_physical/#network-physical-network-conf:ipv4.routes"><code class="docutils literal notranslate"><span class="pre">ipv4.routes</span></code></a> <a class="configref reference internal" href="../network_physical/#network-physical-network-conf:ipv6.routes"><code class="docutils literal notranslate"><span class="pre">ipv6.routes</span></code></a> that are allowed for use in this project. Use the form <code class="docutils literal notranslate"><span class="pre"><uplink>:<subnet></span></code>.</p> <p>Example value: <code class="docutils literal notranslate"><span class="pre">lxdbr0:192.0.168.0/24,lxdbr0:10.1.19.5/32</span></code></p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.networks.uplinks"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.networks.uplinks</span></code></span><span class="shortdesc"><p>Which network names can be used as uplink in this project</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.networks.uplinks"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.networks.uplinks</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Specify a comma-delimited list of network names that can be used as uplink for networks in this project.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.networks.zones"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.networks.zones</span></code></span><span class="shortdesc"><p>Which network zones can be used in this project</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.networks.zones"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.networks.zones</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Specify a comma-delimited list of network zones that can be used (or something under them) in this project.</p> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.snapshots"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.snapshots</span></code></span><span class="shortdesc"><p>Whether to prevent creating instance or volume snapshots</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.snapshots"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.snapshots</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-restricted:restricted.virtual-machines.lowlevel"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">restricted.virtual-machines.lowlevel</span></code></span><span class="shortdesc"><p>Whether to prevent using low-level VM options</p> </span><span class="anchor"><a class="reference external" href="#project-restricted:restricted.virtual-machines.lowlevel"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">restricted.virtual-machines.lowlevel</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> <tr class="row-odd"><td><strong>Default: </strong></td> <td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">block</span></code></p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">allow</span></code> or <code class="docutils literal notranslate"><span class="pre">block</span></code>. When set to <code class="docutils literal notranslate"><span class="pre">allow</span></code>, low-level VM options like <a class="configref reference internal" href="../instance_options/#instance-raw:raw.qemu"><code class="docutils literal notranslate"><span class="pre">raw.qemu</span></code></a>, <code class="docutils literal notranslate"><span class="pre">volatile.*</span></code>, etc. can be used.</p> </div> </div> </section> <section id="project-specific-configuration"> <span id="project-specific-config"></span><h2>Project-specific configuration<a class="headerlink" href="#project-specific-configuration" title="Link to this heading">¶</a></h2> <p>There are some <a class="reference internal" href="../../server/#server"><span class="std std-ref">Server configuration</span></a> options that you can override for a project. In addition, you can add user metadata for a project.</p> <div class="configoption docutils container" id="project-specific:backups.compression_algorithm"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">backups.compression_algorithm</span></code></span><span class="shortdesc"><p>Compression algorithm to use for backups</p> </span><span class="anchor"><a class="reference external" href="#project-specific:backups.compression_algorithm"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">backups.compression_algorithm</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>Specify which compression algorithm to use for backups in this project. Possible values are <code class="docutils literal notranslate"><span class="pre">bzip2</span></code>, <code class="docutils literal notranslate"><span class="pre">gzip</span></code>, <code class="docutils literal notranslate"><span class="pre">lzma</span></code>, <code class="docutils literal notranslate"><span class="pre">xz</span></code>, or <code class="docutils literal notranslate"><span class="pre">none</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-specific:images.auto_update_cached"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">images.auto_update_cached</span></code></span><span class="shortdesc"><p>Whether to automatically update cached images in the project</p> </span><span class="anchor"><a class="reference external" href="#project-specific:images.auto_update_cached"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">images.auto_update_cached</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>bool</p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-specific:images.auto_update_interval"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">images.auto_update_interval</span></code></span><span class="shortdesc"><p>Interval at which to look for updates to cached images</p> </span><span class="anchor"><a class="reference external" href="#project-specific:images.auto_update_interval"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">images.auto_update_interval</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> <p>Specify the interval in hours. To disable looking for updates to cached images, set this option to <code class="docutils literal notranslate"><span class="pre">0</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-specific:images.compression_algorithm"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">images.compression_algorithm</span></code></span><span class="shortdesc"><p>Compression algorithm to use for new images in the project</p> </span><span class="anchor"><a class="reference external" href="#project-specific:images.compression_algorithm"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">images.compression_algorithm</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> <p>Possible values are <code class="docutils literal notranslate"><span class="pre">bzip2</span></code>, <code class="docutils literal notranslate"><span class="pre">gzip</span></code>, <code class="docutils literal notranslate"><span class="pre">lzma</span></code>, <code class="docutils literal notranslate"><span class="pre">xz</span></code>, or <code class="docutils literal notranslate"><span class="pre">none</span></code>.</p> </div> </div> <div class="configoption docutils container" id="project-specific:images.default_architecture"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">images.default_architecture</span></code></span><span class="shortdesc"><p>Default architecture to use in a mixed-architecture cluster</p> </span><span class="anchor"><a class="reference external" href="#project-specific:images.default_architecture"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">images.default_architecture</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> </div> </div> <div class="configoption docutils container" id="project-specific:images.remote_cache_expiry"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">images.remote_cache_expiry</span></code></span><span class="shortdesc"><p>When an unused cached remote image is flushed in the project</p> </span><span class="anchor"><a class="reference external" href="#project-specific:images.remote_cache_expiry"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">images.remote_cache_expiry</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>integer</p> </span></td> </tr> </tbody> </table> </div> <p>Specify the number of days after which the unused cached image expires.</p> </div> </div> <div class="configoption docutils container" id="project-specific:user.*"> <div class="basicinfo docutils container"> <span class="key"><code class="docutils literal notranslate"><span class="pre">user.*</span></code></span><span class="shortdesc"><p>User-provided free-form key/value pairs</p> </span><span class="anchor"><a class="reference external" href="#project-specific:user.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div> <div class="details docutils container"> <div class="table-wrapper fields docutils container"> <table class="fields docutils align-default"> <tbody> <tr class="row-odd"><td><strong>Key: </strong></td> <td><code class="docutils literal notranslate"><span class="pre">user.*</span></code></td> </tr> <tr class="row-even"><td><strong>Type: </strong></td> <td><span class="ignoreP"><p>string</p> </span></td> </tr> </tbody> </table> </div> </div> </div> </section> <section id="related-topics"> <h2>Related topics<a class="headerlink" href="#related-topics" title="Link to this heading">¶</a></h2> <p>How-to guides:</p> <ul class="simple"> <li><p><a class="reference internal" href="../../projects/#projects"><span class="std std-ref">Projects</span></a></p></li> </ul> <p>Explanation:</p> <ul class="simple"> <li><p><a class="reference internal" href="../../explanation/projects/#exp-projects"><span class="std std-ref">Instances grouping with projects</span></a></p></li> </ul> </section> </section> </article> </div> <footer> <div class="related-pages"> <a class="next-page" href="../storage_drivers/"> <div class="page-info"> <div class="context"> <span>Next</span> </div> <div class="title">Storage drivers</div> </div> <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg> </a> <a class="prev-page" href="../preseed_yaml_fields/"> <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg> <div class="page-info"> <div class="context"> <span>Previous</span> </div> <div class="title">Preseed YAML file fields</div> </div> </a> </div> <div class="bottom-of-page"> <div class="left-details"> <div class="copyright"> Copyright © 2014-2025 LXD contributors </div> <div class="last-updated"> Last updated on Sep 08, 2025</div> <div class="show-source"> <a class="muted-link" href="../../_sources/reference/projects.md.txt" rel="nofollow">Show source</a> </div> </div> <div> <a class="display-contributors">Thanks to the 5 contributors!</a> <div id="overlay"></div> <ul class="all-contributors"> <li> <a href="https://github.com/canonical/lxd/commit/73c5e60f21e7b92231d4a505b1b1ead84af999eb" class="contributor">Gabriel Mougard</a> </li> <li> <a href="https://github.com/canonical/lxd/commit/20ad200ec460ea4f0a0f9729a8c4168a42ef04bc" class="contributor">Julian Pelizäus</a> </li> <li> <a href="https://github.com/canonical/lxd/commit/f5eaa6e9dcdd29c409aa0d746229ea39ee3bdb10" class="contributor">Mark Laing</a> </li> <li> <a href="https://github.com/canonical/lxd/commit/12cb0e8a15c887ca941d848ca698ebe7eb20e7b6" class="contributor">Ruth Fuchss</a> </li> <li> <a href="https://github.com/canonical/lxd/commit/3be064b6efc76b2833ff26fe9d707c724bee03e8" class="contributor">Simon Deziel</a> </li> </ul> </div> <div class="right-details"> <div class="ask-discourse"> <a class="muted-link" href="https://discourse.ubuntu.com/c/lxd/">Ask a question on Discourse</a> </div> <div class="ask-matrix"> <a class="muted-link" href="https://matrix.to/#/#documentation:ubuntu.com">Ask a question on Matrix</a> </div> <div class="issue-github"> <a class="muted-link" href="https://github.com/canonical/lxd/issues/new?title=doc%3A+ADD+A+TITLE&body=DESCRIBE+THE+ISSUE%0A%0A---%0ADocument: reference/projects.md">Open a GitHub issue for this page</a> </div> <div class="edit-github"> <a class="muted-link" href="https://github.com/canonical/lxd/edit/main/doc/reference/projects.md">Edit this page on GitHub</a> </div> </div> </div> </div> </footer> </div> <aside class="toc-drawer"> <div class="toc-sticky toc-scroll"> <div class="toc-title-container"> <span class="toc-title"> Contents </span> </div> <div class="toc-tree-container"> <div class="toc-tree"> <ul> <li><a class="reference internal" href="#">Project configuration</a><ul> <li><a class="reference internal" href="#project-features">Project features</a></li> <li><a class="reference internal" href="#project-limits">Project limits</a></li> <li><a class="reference internal" href="#project-restrictions">Project restrictions</a></li> <li><a class="reference internal" href="#project-specific-configuration">Project-specific configuration</a></li> <li><a class="reference internal" href="#related-topics">Related topics</a></li> </ul> </li> </ul> </div> </div> </div> </aside> </div> </div><script src="../../_static/jquery.js?v=5d32c60e"></script> <script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script> <script src="../../_static/documentation_options.js?v=187304be"></script> <script src="../../_static/doctools.js?v=9bcbadda"></script> <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> <script src="../../_static/scripts/furo.js?v=46bd48cc"></script> <script src="../../_static/clipboard.min.js?v=a7894cd8"></script> <script src="../../_static/copybutton.js?v=f281be69"></script> <script src="../../_static/config-options.js"></script> <script src="../../_static/design-tabs.js?v=f930bc37"></script> <script src="../../_static/header-nav.js?v=e117ad08"></script> <script src="../../_static/footer.js?v=5acea47a"></script> <script src="../../_static/github_issue_links.js?v=32bb732f"></script> <script src="../../_static/js/bundle.js?v=a4d88309"></script> <script> const github_url = "https://github.com/canonical/lxd"; </script> </body> </html>
Copyright ©2k19 -
Hexid
|
Tex7ure