[lxc-devel] [lxc/lxc] fe4de9: refactor AppArmor into LSM backend, add SELinux su...
GitHub
noreply at github.com
Wed Sep 25 22:12:55 UTC 2013
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: fe4de9a66d112cb9ddd5977dcce075323f29a39a
https://github.com/lxc/lxc/commit/fe4de9a66d112cb9ddd5977dcce075323f29a39a
Author: Dwight Engen <dwight.engen at oracle.com>
Date: 2013-09-25 (Wed, 25 Sep 2013)
Changed paths:
M configure.ac
M doc/lxc.conf.sgml.in
M src/lxc/Makefile.am
R src/lxc/apparmor.c
R src/lxc/apparmor.h
M src/lxc/attach.c
M src/lxc/attach.h
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/confile.c
A src/lxc/lsm/apparmor.c
A src/lxc/lsm/lsm.c
A src/lxc/lsm/lsm.h
A src/lxc/lsm/nop.c
A src/lxc/lsm/selinux.c
M src/lxc/start.c
M src/lxc/start.h
M templates/lxc-oracle.in
Log Message:
-----------
refactor AppArmor into LSM backend, add SELinux support
Currently, a maximum of one LSM within LXC will be initialized and
used. If in the future stacked LSMs become a reality, we can support it
without changing the configuration syntax and add support for more than
a single LSM at a time to the lsm code.
Generic LXC code should note that lsm_process_label_set() will take
effect "now" for AppArmor, and upon exec() for SELinux.
- fix Oracle template mounting of proc and sysfs, needed when using SELinux
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
More information about the lxc-devel
mailing list