[lxc-devel] [lxd/master] apparmor: Support new stacking syntax
stgraber on Github
lxc-bot at linuxcontainers.org
Fri Aug 25 17:56:33 UTC 2017
From 09e0667c0fa3280d8370cee479de8a9cc938e187 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 25 Aug 2017 13:50:07 -0400
Subject: [PATCH] apparmor: Support new stacking syntax
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/apparmor.go | 1 +
test/suites/basic.sh | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/lxd/apparmor.go b/lxd/apparmor.go
index 47a188139..f2920f421 100644
--- a/lxd/apparmor.go
+++ b/lxd/apparmor.go
@@ -347,6 +347,7 @@ func getAAProfileContent(c container) string {
deny /sys/kernel/security?*{,/**} wklx,
deny /sys/kernel?*{,/**} wklx,
`
+ profile += fmt.Sprintf(" change_profile -> \":%s:*\",\n", AANamespace(c))
profile += fmt.Sprintf(" change_profile -> \":%s://*\",\n", AANamespace(c))
} else {
profile += "\n ### Feature: apparmor stacking (not present)\n"
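Review bot: The added change_profile rule for ":%s:*" sits directly above the existing ":%s://*" rule with nothing in the code or in the generated profile saying which form is the new stacking syntax and which is kept for older parsers. Add a short Go comment above the two Sprintf lines (or a "###" line in the profile text, matching the "### Feature: apparmor stacking" style used in the else branch) naming each form, so the older rule can be dropped safely once it is no longer needed. The commit message also has no body explaining where the new syntax comes from, which would help whoever later has to decide whether both rules are still required.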
diff --git a/test/suites/basic.sh b/test/suites/basic.sh
index 0b18c13fe..5ea57c721 100644
--- a/test/suites/basic.sh
+++ b/test/suites/basic.sh
@@ -365,7 +365,7 @@ test_basic_usage() {
if [ "${MAJOR}" -gt "1" ] || ([ "${MAJOR}" = "1" ] && [ "${MINOR}" -ge "2" ]); then
aa_namespace="lxd-lxd-apparmor-test_<$(echo "${LXD_DIR}" | sed -e 's/\//-/g' -e 's/^.//')>"
- aa-status | grep ":${aa_namespace}://unconfined"
+ aa-status | grep -q ":${aa_namespace}:unconfined" || aa-status | grep -q ":${aa_namespace}://unconfined"
lxc stop lxd-apparmor-test --force
! aa-status | grep -q ":${aa_namespace}:"
else
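Review bot: The replacement check in test_basic_usage calls aa-status twice, so the two greps look at two different snapshots of the loaded profiles, and the test pays for a second aa-status run whenever the first pattern misses. A single invocation with an extended pattern covers both syntaxes, for example aa-status | grep -qE ":${aa_namespace}:(//)?unconfined". Note too that the new line adds -q where the old one printed the matching line; that is fine for a test, but it makes a failure here silent, so consider echoing the aa-status output when neither form matches.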