proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-04-28 20:24:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow fuse mounts in apparmor start-container.

Browse Source 
Unprivledged user should be able to do fuse mounts during start-container.
Specifically this solves the problem for un-priv fuse mounting via
pre-hook.

Signed-off-by: Scott Moser <smoser@brickies.net>
This commit is contained in:
Scott Moser 2023-02-24 16:48:10 -05:00 committed by Stéphane Graber
parent c93418d985
commit c12c0acb04
No known key found for this signature in database
GPG Key ID: C638974D64792D67
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/apparmor/abstractions/start-container.in
View File

@ -20,6 +20,7 @@
mount options=(rw, make-shared) -> **, mount options=(rw, make-shared) -> **,
mount options=(rw, make-rshared) -> **, mount options=(rw, make-rshared) -> **,
mount fstype=debugfs, mount fstype=debugfs,
mount fstype=fuse.*,
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/ # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
mount -> /var/lib/lxc/{**,}, mount -> /var/lib/lxc/{**,},