[lxc-devel] [lxc/lxc] c944b9: oracle template: fix selinux context on symlinks i...

GitHub noreply at github.com
Thu Oct 17 15:19:08 UTC 2013


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: c944b920f48558c59f94f93f2e561e464902b4d1
      https://github.com/lxc/lxc/commit/c944b920f48558c59f94f93f2e561e464902b4d1
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2013-10-17 (Thu, 17 Oct 2013)

  Changed paths:
    M templates/lxc-oracle.in

  Log Message:
  -----------
  oracle template: fix selinux context on symlinks in /dev

This fixes sshd getting an avc on traversing the /dev/ptmx symlink
(was default_t)

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: fefddf9f9f52616972a5b25549c250fd9f709ab4
      https://github.com/lxc/lxc/commit/fefddf9f9f52616972a5b25549c250fd9f709ab4
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2013-10-17 (Thu, 17 Oct 2013)

  Changed paths:
    M templates/lxc-busybox.in

  Log Message:
  -----------
  fix busybox template for use with AppArmor

Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 9e4bf8b12aecd4629cdb3e3c7a856b54f400f8e2
      https://github.com/lxc/lxc/commit/9e4bf8b12aecd4629cdb3e3c7a856b54f400f8e2
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2013-10-17 (Thu, 17 Oct 2013)

  Changed paths:
    M src/lxc/lsm/apparmor.c
    M src/lxc/lsm/lsm.c
    M src/lxc/lsm/lsm.h
    M src/lxc/lsm/nop.c
    M src/lxc/lsm/selinux.c

  Log Message:
  -----------
  add lsm op for checking if an lsm is present/enabled

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/67e5a20ad1b5...9e4bf8b12aec


More information about the lxc-devel mailing list