[lxc-devel] [PATCH v2 rebased against github master 9d0cda4f] refactor AppArmor into LSM backend, add SELinux support

[Serge Hallyn]

Quoting Dwight Engen (dwight.engen at oracle.com):
> Currently, a maximum of one LSM within LXC will be initialized and
> used. If in the future stacked LSMs become a reality, we can support it
> without changing the configuration syntax and add support for more than
> a single LSM at a time to the lsm code.
> 
> Generic LXC code should note that lsm_process_label_set() will take
> effect "now" for AppArmor, and upon exec() for SELinux.

Ah, that's right, lxc-attach doesn't always exec a new task, right?
So that's where the selinux behavior may be a problem.

-serge