[lxc-devel] [PATCH 1/3] fix busybox template for use with AppArmor
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Oct 16 17:00:24 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> Ensure /proc and /sys are mounted in the container, otherwise
> apparmor_enabled() will fail to find
> /sys/module/apparmor/parameters/enabled
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> templates/lxc-busybox.in | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
> index 12059f7..cbdaaf3 100644
> --- a/templates/lxc-busybox.in
> +++ b/templates/lxc-busybox.in
> @@ -37,6 +37,7 @@ $rootfs/usr/bin \
> $rootfs/sbin \
> $rootfs/usr/sbin \
> $rootfs/proc \
> +$rootfs/sys \
> $rootfs/mnt \
> $rootfs/tmp \
> $rootfs/var/log \
> @@ -92,7 +93,6 @@ EOF
>
> # mount points
> cat <<EOF >> $rootfs/etc/fstab
> -proc /proc proc defaults 0 0
> shm /dev/shm tmpfs defaults 0 0
> EOF
>
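Review bot: dropping the `proc /proc proc defaults 0 0` line from the generated fstab is not explained in the commit message, which only says that /proc and /sys must be mounted. After this change the container depends on the `lxc.mount.auto = proc:mixed sys` line written to $path/config in the last hunk for its /proc, so a container started from this rootfs with a config that lacks that line gets no /proc at all. Please state that coupling in the changelog, and say whether the removal is also meant to keep the container's own fstab from mounting proc again with `defaults` over the `proc:mixed` mount.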
> @@ -278,6 +278,8 @@ EOF
> echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
> fi
> done
> + echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
> + echo "lxc.mount.auto = proc:mixed sys" >>$path/config
> }
>
> usage()
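Review bot: the `/sys/kernel/security` bind entry added at the end of this function is written unconditionally, while the `lxc.mount.entry` line just above it sits inside an `if` ... `fi` in the loop. On a host where /sys/kernel/security is absent, this gives the container a bind mount whose source does not exist; consider guarding the echo with a `[ -d /sys/kernel/security ]` test. The commit message names only /sys/module/apparmor/parameters/enabled, so a sentence on why the securityfs bind is needed as well would help, as would confirming that the `sys` auto mount is in place before this entry is processed, since the target sys/kernel/security exists only once sysfs is mounted on $rootfs/sys.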
> --
> 1.8.3.1
>
>