proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 16:18:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

systemd: Load AppArmor profiles if necessary/supported

Browse Source 
On Ubuntu we need to set up the AppArmor profiles also under systemd.
Add a new helper "lxc-apparmor-load" and integrate it into lxc.service.

Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Martin Pitt 2014-08-01 07:00:34 +02:00 committed by Stéphane Graber
parent 84b3775a09
commit 2b24e2ff84
3 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/init/systemd/Makefile.am
View File

@ -1,5 +1,6 @@
EXTRA_DIST = \ EXTRA_DIST = \
lxc-devsetup \ lxc-devsetup \
lxc-apparmor-load \
lxc.service.in \ lxc.service.in \
lxc-net.service.in \ lxc-net.service.in \
$(NULL) $(NULL)
@ -15,7 +16,7 @@ lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status
mv $@-t $@ mv $@-t $@
BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service
install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-autostart-helper install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load lxc-autostart-helper
$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
$(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ $(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
@ -24,7 +25,7 @@ uninstall-systemd:
rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service
rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
pkglibexec_SCRIPTS = lxc-devsetup lxc-autostart-helper pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper
install-data-local: install-systemd install-data-local: install-systemd
uninstall-local: uninstall-systemd uninstall-local: uninstall-systemd

14
config/init/systemd/lxc-apparmor-load Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
# lxc-apparmor-load: Load AppArmor profiles, if supported by the system
set -eu
# don't load profiles if mount mediation is not supported
SYSF=/sys/kernel/security/apparmor/features/mount/mask
if [ -f $SYSF ]; then
if [ -x /lib/init/apparmor-profile-load ]; then
/lib/init/apparmor-profile-load usr.bin.lxc-start
/lib/init/apparmor-profile-load lxc-containers
fi
fi

1
config/init/systemd/lxc.service.in
View File

@ -7,6 +7,7 @@ Wants=lxc-net.service
Type=oneshot Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup
ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start
ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop
# Environment=BOOTUP=serial # Environment=BOOTUP=serial