[lxc-devel] [lxc/lxc] 94a77f: apparmor: deny writes to most of /proc/sys (v2)
GitHub
noreply at github.com
Wed Apr 2 14:56:13 UTC 2014
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 94a77f3fd8be2fb87f7d1465521fac3ec4b7e6b5
https://github.com/lxc/lxc/commit/94a77f3fd8be2fb87f7d1465521fac3ec4b7e6b5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2014-04-02 (Wed, 02 Apr 2014)
Changed paths:
M config/apparmor/abstractions/container-base
M config/apparmor/container-rules
M config/apparmor/container-rules.base
M config/apparmor/lxc-generate-aa-rules.py
Log Message:
-----------
apparmor: deny writes to most of /proc/sys (v2)
Allow writes to kernel.shm*, net.*, kernel/domainname and
kernel/hostname,
Also fix a bug in the lxc-generate-aa-rules.py script in a
path which wasn't being exercised before, which returned a
path element rather than its child.
Changelog (v2): remove trailing / from block path
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
More information about the lxc-devel
mailing list