[lxc-devel] [PATCH] apparmor: Update profiles for current upstream parser
Stéphane Graber
stgraber at ubuntu.com
Fri Apr 4 21:15:20 UTC 2014
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
config/apparmor/abstractions/container-base | 5 +++++
config/apparmor/abstractions/container-base.in | 5 +++++
config/apparmor/abstractions/start-container | 5 +++++
3 files changed, 15 insertions(+)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
index d094aab..f5eaca7 100644
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -2,7 +2,12 @@
capability,
file,
umount,
+
+ # The following 3 entries are only supported by recent apparmor versions.
+ # Comment them if the apparmor parser doesn't recognize them.
dbus,
+ signal,
+ ptrace,
# ignore DENIED message on / remount
deny mount options=(ro, remount) -> /,
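Review bot: The added `signal,` and `ptrace,` lines are bare rules, so they allow every signal and every ptrace operation with any peer, which is broader than a base container policy usually needs. Going by the file name, this abstraction is the container-side policy, so consider narrowing both with a permission list and a `peer=` condition limited to the container's own profile, and keep the bare form only if access across profiles is intended.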
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
index 84eadd0..17be297 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -2,7 +2,12 @@
capability,
file,
umount,
+
+ # The following 3 entries are only supported by recent apparmor versions.
+ # Comment them if the apparmor parser doesn't recognize them.
dbus,
+ signal,
+ ptrace,
# ignore DENIED message on / remount
deny mount options=(ro, remount) -> /,
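Review bot: The five added lines in container-base.in duplicate the container-base change exactly, while the two index lines (d094aab and 84eadd0) show that the files already differ elsewhere. If container-base is generated from the .in template, change only the template and leave the generated file out of the patch; if both are maintained by hand, say so in the commit message so a later edit does not update one and miss the other.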
diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
index 56a8ec3..d10996b 100644
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -1,7 +1,12 @@
network,
capability,
file,
+
+ # The following 3 entries are only supported by recent apparmor versions.
+ # Comment them if the apparmor parser doesn't recognize them.
dbus,
+ signal,
+ ptrace,
# currently blocked by apparmor bug
mount -> /usr/lib/*/lxc/{**,},
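Review bot: The comment added above `dbus,` says "recent apparmor versions" without naming one, and "Comment them" should read "Comment them out". Naming the first parser version that accepts `dbus`, `signal` and `ptrace` rules would let a packager decide without trial and error; the same wording is added in all three files, so fix it in each.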
--
1.9.1