proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-06-15 12:59:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lxc.container.conf / apparmor : document cgns profile

Browse Source 
Also document 'unchanged' which we had never documented before.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn 2016-02-21 20:46:58 -08:00
parent 787ff6e2d2
commit 7a126ae1f2
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/lxc.container.conf.sgml.in
View File

@ -1169,7 +1169,9 @@ proc proc proc nodev,noexec,nosuid 0 0
If lxc was compiled and installed with apparmor support, and the host If lxc was compiled and installed with apparmor support, and the host
system has apparmor enabled, then the apparmor profile under which the system has apparmor enabled, then the apparmor profile under which the
container should be run can be specified in the container container should be run can be specified in the container
configuration. The default is <command>lxc-container-default</command>. configuration. The default is <command>lxc-container-default-cgns</command>
if the host kernel is cgroup namespace aware, or
<command>lxc-container-default</command> othewise.
</para> </para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
@ -1183,6 +1185,11 @@ proc proc proc nodev,noexec,nosuid 0 0
use use
</para> </para>
<programlisting>lxc.aa_profile = unconfined</programlisting> <programlisting>lxc.aa_profile = unconfined</programlisting>
<para>
If the apparmor profile should remain unchanged (i.e. if you
are nesting containers and are already confined), then use
</para>
<programlisting>lxc.aa_profile = unchanged</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>