apparmor: allow shared mounts in start-container.in

Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
2025-08-14 09:05:44 +00:00 · 2022-11-29 20:58:14 +01:00 · 2022-11-29 20:58:14 +01:00 · 01ae6d4713
commit 01ae6d4713
parent 81d94a4eec
1 changed files with 2 additions and 0 deletions
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@ -17,6 +17,8 @@
  mount options=bind /dev/pts/** -> /dev/**,
  mount options=(rw, make-slave) -> **,
  mount options=(rw, make-rslave) -> **,
+  mount options=(rw, make-shared) -> **,
+  mount options=(rw, make-rshared) -> **,
  mount fstype=debugfs,
  # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
  mount -> /var/lib/lxc/{**,},