proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-13 23:01:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d2928eafbb
mirror_lxc/config/apparmor
History
Jamie Strandboge 807f4c9e1e apparmor: restrict signal and ptrace for processes 
Restrict signal and ptrace for processes running under the container
profile. Rules based on AppArmor base abstraction. Add unix rules for
processes running under the container profile.

Signed-off-by: Jamie Strandboge <jamie@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
2014-09-29 12:40:52 -04:00
..
abstractions apparmor: restrict signal and ptrace for processes 2014-09-29 12:40:52 -04:00
profiles apparmor: don't allow mounting cgroupfs by default 2014-04-01 13:49:39 -04:00
container-rules apparmor: allow writes to sem* and msg* sysctls 2014-04-29 16:45:16 -05:00
container-rules.base apparmor: allow writes to sem* and msg* sysctls 2014-04-29 16:45:16 -05:00
lxc-containers apparmor: Add profiles 2014-01-16 17:49:23 -05:00
lxc-generate-aa-rules.py apparmor: deny writes to most of /proc/sys (v2) 2014-04-02 09:54:54 -05:00
Makefile.am apparmor: auto-generate the blacklist rules 2014-04-01 13:49:43 -04:00
README apparmor: auto-generate the blacklist rules 2014-04-01 13:49:43 -04:00
usr.bin.lxc-start apparmor: Add profiles 2014-01-16 17:49:23 -05:00

README 

The abstractions/container-base file is partially automatically
generated.  The two source files are container-rules.base and
abstractions/container-base.in.  If these file are updated,
then

1. Generate a new container-rules file using

./lxc-generate-aa-rules.py container-rules.base > container-rules

2. Concatenate container-base.in with container-rules using

cat abstractions/container-base.in container-rules > abstractions/container-base