proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-17 19:49:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #794 from Blub/next

Browse Source 
apparmor: allow binding /run/{,lock/} -> /var/run/{,lock/}
This commit is contained in:
Christian Brauner 2016-02-02 11:06:03 +00:00
commit 81db418925
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/apparmor/abstractions/container-base.in
View File

@ -62,6 +62,10 @@
# allow bind mount of /lib/init/fstab for lxcguest # allow bind mount of /lib/init/fstab for lxcguest
mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/,
# allow bind mounts of /run/{,lock} to /var/run/{,lock}
mount options=(rw, bind) /run/ -> /var/run/,
mount options=(rw, bind) /run/lock/ -> /var/lock/,
# deny writes in /proc/sys/fs but allow binfmt_misc to be mounted # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
deny @{PROC}/sys/fs/** wklx, deny @{PROC}/sys/fs/** wklx,