[lxc-devel] [PATCH 1/1] ubuntu container configs: Add comments about other apparmor profiles

Stéphane Graber stgraber at ubuntu.com
Mon Dec 9 22:02:48 UTC 2013


On Mon, Dec 09, 2013 at 02:51:50PM -0600, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > On Mon, Dec 09, 2013 at 02:19:05PM -0600, Serge Hallyn wrote:
> > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > 
> > Hmm, doesn't that duplicate the section on nesting?
> 
> Oh, feh.  So it does.  V2:
> 
> From 34c19f26bb61ef11346b06b0094331b027a0e0c3 Mon Sep 17 00:00:00 2001
> From: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon, 9 Dec 2013 14:18:19 -0600
> Subject: [PATCH 1/1] ubuntu container configs: Add comments about other
>  apparmor profiles
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  config/templates/ubuntu.common.conf.in | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in
> index ef4e818..0575321 100644
> --- a/config/templates/ubuntu.common.conf.in
> +++ b/config/templates/ubuntu.common.conf.in
> @@ -27,6 +27,11 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
>  #lxc.aa_profile = lxc-container-default-with-nesting
>  #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
>  
> +# If you wish to allow mounting block filesystems, then use the following
> +# line instead, and make sure to grant access to the block device and/or loop
> +# devices below in lxc.cgroup.devices.allow.
> +#lxc.aa_profile = lxc-container-default-with-mounting
> +
>  # Default cgroup limits
>  lxc.cgroup.devices.deny = a
>  ## Allow any mknod (but not using the node)
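
Review bot: The added comment says to use `lxc.aa_profile = lxc-container-default-with-mounting` "instead", but it does not say instead of what. The lines directly above it are the commented-out `lxc-container-default-with-nesting` setting, so a reader can take it to mean either the default profile or the nesting one, and nothing says what happens if both `lxc.aa_profile` lines are uncommented. Consider naming the profile being replaced and stating that the two are alternatives. The comment also points "below" to `lxc.cgroup.devices.allow` without naming the loop-device entry, so a short pointer to that specific line would save the reader a search.
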
> @@ -56,3 +61,6 @@ lxc.cgroup.devices.allow = c 1:7 rwm
>  lxc.cgroup.devices.allow = c 10:228 rwm
>  ## kvm
>  lxc.cgroup.devices.allow = c 10:232 rwm
> +## To use loop devices, copy the following line to the container's
> +## configuration file (uncommented).
> +#lxc.cgroup.devices.allow = b 7:* rwm
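
Review bot: The comment on `#lxc.cgroup.devices.allow = b 7:* rwm` does not mention how broad the rule is: `7:*` with `rwm` covers every minor of block major 7, not a single loop device. Since this file opens with `lxc.cgroup.devices.deny = a` and then allows individual nodes such as `c 10:232`, it is worth saying in the comment that this line is a wildcard and suggesting a specific minor where one device is enough. The instructions are also inconsistent between the two hunks: this one tells the user to copy the line into the container's configuration file, while the `lxc.aa_profile` comment says to "use the following line instead", and this comment never mentions that the mounting profile is needed as well. A cross-reference in both directions would make the pair usable together.
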
> -- 
> 1.8.5.1

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com