[lxc-devel] [lxc/lxc] fe4de9: refactor AppArmor into LSM backend, add SELinux su...

GitHub noreply at github.com
Wed Sep 25 22:12:55 UTC 2013


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: fe4de9a66d112cb9ddd5977dcce075323f29a39a
      https://github.com/lxc/lxc/commit/fe4de9a66d112cb9ddd5977dcce075323f29a39a
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2013-09-25 (Wed, 25 Sep 2013)

  Changed paths:
    M configure.ac
    M doc/lxc.conf.sgml.in
    M src/lxc/Makefile.am
    R src/lxc/apparmor.c
    R src/lxc/apparmor.h
    M src/lxc/attach.c
    M src/lxc/attach.h
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c
    A src/lxc/lsm/apparmor.c
    A src/lxc/lsm/lsm.c
    A src/lxc/lsm/lsm.h
    A src/lxc/lsm/nop.c
    A src/lxc/lsm/selinux.c
    M src/lxc/start.c
    M src/lxc/start.h
    M templates/lxc-oracle.in

  Log Message:
  -----------
  refactor AppArmor into LSM backend, add SELinux support

Currently, a maximum of one LSM within LXC will be initialized and
used. If in the future stacked LSMs become a reality, we can support it
without changing the configuration syntax and add support for more than
a single LSM at a time to the lsm code.

Generic LXC code should note that lsm_process_label_set() will take
effect "now" for AppArmor, and upon exec() for SELinux.

- fix Oracle template mounting of proc and sysfs, needed when using SELinux

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>




