Add lxc.aa_profile example to all templates

LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

templates/lxc-altlinux.in

@@ -245,6 +245,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 #networking
 lxc.network.type = $lxc_network_type
 lxc.network.flags = up

templates/lxc-archlinux.in

@@ -224,6 +224,10 @@ lxc.tty=4
 lxc.pts=1024
 lxc.rootfs=${rootfs_path}
 lxc.mount=${config_path}/fstab
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 #networking
 lxc.network.type=${lxc_network_type}
 lxc.network.flags=up

templates/lxc-busybox.in

@@ -233,6 +233,9 @@ lxc.utsname = $name
 lxc.tty = 1
 lxc.pts = 1
 lxc.rootfs = $rootfs
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 EOF
 
 if [ -d "$rootfs/lib" ]; then

templates/lxc-debian.in

@@ -205,6 +205,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.utsname = $hostname
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm

templates/lxc-fedora.in

@@ -237,6 +237,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 #networking
 lxc.network.type = $lxc_network_type
 lxc.network.flags = up

templates/lxc-lenny.in

@@ -183,6 +183,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.cgroup.devices.deny = a
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm

templates/lxc-opensuse.in

@@ -262,6 +262,9 @@ lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
 
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm

templates/lxc-sshd.in

@@ -101,6 +101,10 @@ cat <<EOF >> $path/config
 lxc.utsname = $name
 lxc.pts = 1024
 lxc.rootfs = $rootfs
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.mount.entry=/dev dev none ro,bind 0 0
 lxc.mount.entry=/lib lib none ro,bind 0 0
 lxc.mount.entry=/bin bin none ro,bind 0 0

templates/lxc-ubuntu-cloud.in

@@ -57,6 +57,9 @@ lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin
 lxc.pivotdir = lxc_putold
 
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
 lxc.cgroup.devices.allow = c *:* m

templates/lxc-ubuntu.in

@@ -315,6 +315,9 @@ lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin mac_override
 lxc.pivotdir = lxc_putold
 
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
 lxc.cgroup.devices.allow = c *:* m