lxc.container.conf / apparmor : document cgns profile

Also document 'unchanged' which we had never documented before. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2025-06-14 16:47:06 +00:00 · 2016-02-21 20:46:58 -08:00 · 2016-02-21 20:46:58 -08:00 · 7a126ae1f2
commit 7a126ae1f2
parent 787ff6e2d2
1 changed files with 8 additions and 1 deletions
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@ -1169,7 +1169,9 @@ proc proc proc nodev,noexec,nosuid 0 0
        If lxc was compiled and installed with apparmor support, and the host
        system has apparmor enabled, then the apparmor profile under which the
        container should be run can be specified in the container
-        configuration.  The default is <command>lxc-container-default</command>.
+        configuration.  The default is <command>lxc-container-default-cgns</command>
+	if the host kernel is cgroup namespace aware, or
+	<command>lxc-container-default</command> othewise.
      </para>
      <variablelist>
        <varlistentry>
@ -1183,6 +1185,11 @@ proc proc proc nodev,noexec,nosuid 0 0
              use
            </para>
              <programlisting>lxc.aa_profile = unconfined</programlisting>
+            <para>
+              If the apparmor profile should remain unchanged (i.e. if you
+	      are nesting containers and are already confined), then use
+            </para>
+              <programlisting>lxc.aa_profile = unchanged</programlisting>
          </listitem>
        </varlistentry>
        <varlistentry>