
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
# Bare rule with no domain, type or protocol qualifier: all network access is allowed.
network,
# Bare rule with no capability list: every capability is allowed by this profile.
capability,
# Bare rule with no path or permission list: all file access is allowed.
file,
# Bare rule with no bus, name or interface qualifier: all D-Bus access is allowed.
dbus,
# currently blocked by apparmor bug
# No fstype, options or source are given, so any mount is accepted as long as
# its mountpoint is /usr/lib/*/lxc/ or a path beneath it ({**,} matches a
# subpath or nothing).
mount -> /usr/lib/*/lxc/{**,},
# Any mount whose mountpoint is /usr/lib/lxc/ or a path beneath it (the same
# shape of rule, without the intermediate directory component).
mount -> /usr/lib/lxc/{**,},
# devpts may be mounted, but only with /dev/pts/ as the mountpoint.
mount fstype=devpts -> /dev/pts/,
# Bind mount with source /dev/pts/ptmx/ and mountpoint /dev/ptmx/.
# NOTE(review): both paths end in a slash, which AppArmor path patterns use
# for directories, while ptmx is normally a device node -- confirm that the
# rule matches the mount it is meant to allow.
mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
# No mountpoint is given, so debugfs may be mounted anywhere. debugfs exposes
# kernel debugging interfaces, which makes this rule broader than the
# path-scoped mount rules around it.
mount fstype=debugfs,
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
# Only the mountpoint is constrained (/var/lib/lxc/ or a path beneath it);
# any fstype, option set and source is accepted there.
mount -> /var/lib/lxc/{**,},
# required for some pre-mount hooks (like the new lxc-start-ephemeral)
# Constrained by filesystem type only: with no mountpoint given, overlayfs
# may be mounted at any path.
mount fstype=overlayfs,
# Constrained by filesystem type only: aufs may be mounted at any path.
mount fstype=aufs,
# Constrained by filesystem type only: ecryptfs may be mounted at any path.
mount fstype=ecryptfs,
# all umounts are under the original root's /mnt, but right now we
# can't allow those umounts after pivot_root. So allow all umounts
# right now. They'll be restricted for the container at least.
# Bare rule with no path: unmounting any mountpoint is allowed. The
# path-scoped form that would limit this to /mnt/ is left commented out below.
umount,
#umount /mnt/{**,},
# pivot_root is allowed only when the new root is /usr/lib/*/lxc/.
pivot_root /usr/lib/*/lxc/,
# pivot_root is also allowed when the new root is /usr/lib/lxc/root/.
# NOTE(review): this path ends in root/ while the /usr/lib/*/lxc/ rule does
# not -- confirm both match the rootfs mount path lxc is built with.
pivot_root /usr/lib/lxc/root/,
# The confined task may switch itself to any profile whose name matches
# lxc-*; the glob covers every profile with that prefix.
change_profile -> lxc-*,
# The confined task may also switch to unconfined, i.e. leave AppArmor
# confinement altogether. The restrictions in this file therefore hold only
# as long as code running under the profile does not request that transition;
# profiles that include this file should be reviewed with that in mind.
change_profile -> unconfined,