diff --git a/src/swmod_lxc.c b/src/swmod_lxc.c
index 50d183a37305a47fbba4c72b2a22231f490c2884..2e1ec2b3d96a7ad80674904b06fa8f7736ff2c42 100644
--- a/src/swmod_lxc.c
+++ b/src/swmod_lxc.c
@@ -86,6 +86,8 @@ static int lxc_attach_func(struct lxc_container *ct, lxc_attach_exec_t exec_func
 	if (ret < 0)
 		goto err;
 
+	close(pipefd[1]);
+
 	ret = read(pipefd[0], lxc_attach_result, sizeof(lxc_attach_result)-1);
 	if (ret < 0) {
 		PRINT_INFO("Failed to read from pipe");
@@ -130,7 +132,7 @@ static int lxc_attach_run_env_func(void *args)
 	/* lxc_attach_result buffer format */
 	/* type=<ENV_TYPE> vendor=<ENV_VENDOR> version=<ENV_VERSION>
 	 *  alloc_mem=<ENV_ALLOCATED_MEMORY> avail_mem=<ENV_AVAILABLE_MEMORY> */
-	PRINT_DEBUG("type=%s vendor=%s version=%s alloc_mem=%lu avail_mem=%lu",
+	fprintf(stdout, "type=%s vendor=%s version=%s alloc_mem=%lu avail_mem=%lu",
 			type, vendor, version, alloc_mem, avail_mem);
 
 	return 0;
@@ -190,6 +192,8 @@ void populate_lxc_environment(void)
 /************************** Deployment/Execution Unit **************************/
 static int lxc_attach_run_deployment_unit_func(void *args)
 {
+	char map_du_path[32] = {0};
+	unsigned int um = 0;
 	lxc_attach_args *data = (lxc_attach_args *)args;
 
 	if (!data || *(data->lxcpath) == '\0' || *(data->value) == '\0') {
@@ -197,16 +201,9 @@ static int lxc_attach_run_deployment_unit_func(void *args)
 		return -1;
 	}
 
-	char lxc_map_du_path[128] = {0};
-
-	snprintf(lxc_map_du_path, sizeof(lxc_map_du_path), "%s/%s/rootfs%s",
-			data->lxcpath,
-			data->value,
-			OPKG_INFO_PATH);
+	snprintf(map_du_path, sizeof(map_du_path), "%s%s", SWMOD_PATH, SWMOD_MAP_DU);
 
-
-	time_t tm = get_file_mtime(lxc_map_du_path);
-	unsigned int um = 0;
+	time_t tm = get_file_mtime(OPKG_INFO_PATH);
 
 	sscanf(lxc_hash, "%u", &um);
 	if (tm == um) {
@@ -219,6 +216,8 @@ static int lxc_attach_run_deployment_unit_func(void *args)
 		return -1;
 	}
 
+	create_file(map_du_path); //create empty file if does not exists
+
 	struct uci_section *ss = NULL, *stmp = NULL;
 	char pname[256] = {0};
 	FILE *log;
diff --git a/templates/lxc-iopsys b/templates/lxc-iopsys
index 372bc03d25aaec8f49783c6e02837b3379f61937..892d0847e418ec43faf8380d6670ef0ffed584ff 100755
--- a/templates/lxc-iopsys
+++ b/templates/lxc-iopsys
@@ -53,6 +53,7 @@ install_busybox()
         ${rootfs}/etc/config \
         ${rootfs}/etc/init.d \
         ${rootfs}/etc/rc.d \
+        ${rootfs}/etc/swmod \
         ${rootfs}/etc/hotplug.d \
         ${rootfs}/bin \
         ${rootfs}/sbin \
@@ -82,16 +83,6 @@ install_busybox()
         for dev in tty console tty0 tty1 ram0 null urandom; do
             echo "lxc.mount.entry = /dev/${dev} dev/${dev} none bind,optional,create=file 0 0" >> "${path}/config"
         done
-    else
-        mknod -m 666 "${rootfs}/dev/tty" c 5 0       || res=1
-        mknod -m 666 "${rootfs}/dev/console" c 5 1   || res=1
-        mknod -m 666 "${rootfs}/dev/tty0" c 4 0      || res=1
-        mknod -m 666 "${rootfs}/dev/tty1" c 4 0      || res=1
-        mknod -m 666 "${rootfs}/dev/tty5" c 4 0      || res=1
-        mknod -m 600 "${rootfs}/dev/ram0" b 1 0      || res=1
-        mknod -m 666 "${rootfs}/dev/null" c 1 3      || res=1
-        mknod -m 666 "${rootfs}/dev/zero" c 1 5      || res=1
-        mknod -m 666 "${rootfs}/dev/urandom" c 1 9   || res=1
     fi
 
     # make /tmp accessible to any user (with sticky bit)
@@ -264,16 +255,42 @@ copy_configuration()
 
     grep -q "^lxc.rootfs.path" "${path}/config" 2>/dev/null || echo "lxc.rootfs.path = ${rootfs}" >> "${path}/config"
     cat <<EOF >> "${path}/config"
-lxc.signal.halt = SIGUSR1
-lxc.signal.reboot = SIGTERM
 lxc.uts.name = "${name}"
-lxc.tty.max = 1
-lxc.pty.max = 1
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
-
+lxc.cap.drop = mac_admin
+lxc.cap.drop = mac_override
+lxc.cap.drop = sys_admin
+lxc.cap.drop = sys_boot
+lxc.cap.drop = sys_module
+lxc.cap.drop = sys_nice
+lxc.cap.drop = sys_pacct
+lxc.cap.drop = sys_ptrace
+lxc.cap.drop = sys_rawio
+lxc.cap.drop = sys_resource
+lxc.cap.drop = sys_time
+lxc.cap.drop = sys_tty_config
+lxc.cap.drop = syslog
+lxc.cap.drop = wake_alarm
+
+lxc.cgroup.devices.deny = a
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 254:0 rwm
+lxc.cgroup.devices.allow = c 10:200 rwm
+
+lxc.autodev = 1
+lxc.console.buffer.size = auto
+lxc.tty.max = 5
+lxc.pty.max = 5
 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
-lxc.mount.entry = shm dev/shm tmpfs defaults,create=dir 0 0
-lxc.mount.entry = mqueue dev/mqueue mqueue defaults,optional,create=dir 0 0
+
 lxc.net.0.type = veth
 lxc.net.0.flags = up
 lxc.net.0.link = br-lan