[lxc-devel] [PATCH 1/1] ubuntu container configs: Add comments about other apparmor profiles
Stéphane Graber
stgraber at ubuntu.com
Mon Dec 9 20:29:51 UTC 2013
On Mon, Dec 09, 2013 at 02:19:05PM -0600, Serge Hallyn wrote:
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Hmm, doesn't that duplicate the section on nesting?
> ---
> config/templates/ubuntu.common.conf.in | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in
> index ef4e818..4aeea7d 100644
> --- a/config/templates/ubuntu.common.conf.in
> +++ b/config/templates/ubuntu.common.conf.in
> @@ -21,6 +21,10 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
> # If you wish for it to instead run unconfined, copy the following line
> # (uncommented) to the container's configuration file.
> #lxc.aa_profile = unconfined
> +# If you wish to only allow starting nested containers, then use the following:
> +#lxc.aa_profile = lxc-container-default-with-nesting
> +# If you wish to allow mounting block filesystems, then use the following:
> +#lxc.aa_profile = lxc-container-default-with-mounting
>
> # To support container nesting on an Ubuntu host while retaining most of
> # apparmor's added security, use the following two lines instead.
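Review bot: the new nesting comment ("If you wish to only allow starting nested containers") sits directly above the existing "To support container nesting on an Ubuntu host" block visible in the trailing context, and that block says nesting needs two lines, so the file now gives two different nesting recipes back to back. Either fold the lxc-container-default-with-nesting hint into that existing section or say how the two differ. The added comments also do not say what each profile relaxes compared with the default, or that the commented lxc.aa_profile lines are alternatives of which only one should be set; the preceding text uses "copy the following line (uncommented) to the container's configuration file", and the new lines would read better with the same wording.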
> @@ -56,3 +60,6 @@ lxc.cgroup.devices.allow = c 1:7 rwm
> lxc.cgroup.devices.allow = c 10:228 rwm
> ## kvm
> lxc.cgroup.devices.allow = c 10:232 rwm
> +## To use loop devices, copy the following line to the container's
> +## configuration file (uncommented).
> +#lxc.cgroup.devices.allow = b 7:* rwm
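Review bot: the comment on "#lxc.cgroup.devices.allow = b 7:* rwm" does not mention that the 7:* wildcard with rwm covers every loop minor, not just one device, which is worth stating since users are told to copy the line as is. I would add a sentence on that scope, and a pointer to the lxc-container-default-with-mounting profile from the first hunk, since the two settings are documented in separate places and the patch does not say whether they are meant to be used together.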
> --
> 1.8.5.1
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com