[lxc-devel] [PATCH 1/3] fix busybox template for use with AppArmor
Dwight Engen
dwight.engen at oracle.com
Tue Oct 15 17:51:14 UTC 2013
Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
---
templates/lxc-busybox.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 12059f7..cbdaaf3 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -37,6 +37,7 @@ $rootfs/usr/bin \
$rootfs/sbin \
$rootfs/usr/sbin \
$rootfs/proc \
+$rootfs/sys \
$rootfs/mnt \
$rootfs/tmp \
$rootfs/var/log \
@@ -92,7 +93,6 @@ EOF
# mount points
cat <<EOF >> $rootfs/etc/fstab
-proc /proc proc defaults 0 0
shm /dev/shm tmpfs defaults 0 0
EOF
@@ -278,6 +278,8 @@ EOF
echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
fi
done
+ echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
+ echo "lxc.mount.auto = proc:mixed sys" >>$path/config
}
usage()
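Review bot: The `lxc.mount.entry` for `/sys/kernel/security` is written unconditionally, whereas the bind-mount loop just above it appears (from its closing `fi`) to test something before emitting each entry. On a host where securityfs is not mounted the source path will be missing, and the container would presumably fail to start on that mount. Wrapping the first `echo` in `if [ -d /sys/kernel/security ]; then` … `fi` keeps the template usable on such hosts. Because the entry gives the container a read-only view of the host's LSM policy state, a comment such as `# expose the host's securityfs read-only so AppArmor state can be read inside the container` would record that this is deliberate. The enclosing function starts outside the hunk, so the loop's actual condition is not visible here.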
--
1.8.3.1