mirror_lxc/config/apparmor
Serge Hallyn 1b0c17462a apparmor: support lxc.ttydir when bind-mounting ptys
Because we now create the ttys from inside the container, we had to
add an apparmor rule for start-container to bind-mount /dev/pts/** -> /dev/tty*/.
However that's not sufficient if the container sets lxc.ttydir, in
which case we need to support mounting onto files in subdirs of /dev.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
2015-01-30 01:02:06 +01:00
abstractions apparmor: support lxc.ttydir when bind-mounting ptys 2015-01-30 01:02:06 +01:00
profiles create lxc.tty ptys from container process 2015-01-29 11:46:02 +01:00
container-rules apparmor: allow writes to sem* and msg* sysctls 2014-04-29 16:45:16 -05:00
container-rules.base apparmor: allow writes to sem* and msg* sysctls 2014-04-29 16:45:16 -05:00
lxc-containers apparmor: Add profiles 2014-01-16 17:49:23 -05:00
lxc-generate-aa-rules.py apparmor: deny writes to most of /proc/sys (v2) 2014-04-02 09:54:54 -05:00
Makefile.am apparmor: auto-generate the blacklist rules 2014-04-01 13:49:43 -04:00
README apparmor: auto-generate the blacklist rules 2014-04-01 13:49:43 -04:00
usr.bin.lxc-start apparmor: Add profiles 2014-01-16 17:49:23 -05:00

The abstractions/container-base file is partially automatically
generated.  The two source files are container-rules.base and
abstractions/container-base.in.  If these files are updated, then:

1. Generate a new container-rules file using

    ./lxc-generate-aa-rules.py container-rules.base > container-rules

2. Concatenate container-base.in with container-rules using

    cat abstractions/container-base.in container-rules > abstractions/container-base