proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 11:13:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

AppArmor: add make-rslave to usr.bin.lxc-start

Browse Source 
The profile already contains
  mount options=(rw, make-slave) -> **,

Which allows going through all mountpoints with make-slave,
so it seems to make sense to also allow the directly
recursive variant with "make-rslave".

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Wolfgang Bumiller 2016-06-27 16:20:00 -04:00 committed by Stéphane Graber
parent 42c6b8d809
commit 667cfb7c2d
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/apparmor/abstractions/start-container
View File

@ -15,6 +15,7 @@
mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
mount options=bind /dev/pts/** -> /dev/**,
mount options=(rw, make-slave) -> **,
mount options=(rw, make-rslave) -> **,
mount fstype=debugfs,
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
mount -> /var/lib/lxc/{**,},