[lxc-devel] [PATCH] apparmor: Update profiles for current upstream parser

Serge Hallyn serge.hallyn at ubuntu.com
Fri Apr 4 21:30:26 UTC 2014


Quoting Stéphane Graber (stgraber at ubuntu.com):
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  config/apparmor/abstractions/container-base    | 5 +++++
>  config/apparmor/abstractions/container-base.in | 5 +++++
>  config/apparmor/abstractions/start-container   | 5 +++++
>  3 files changed, 15 insertions(+)
> 
> diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
> index d094aab..f5eaca7 100644
> --- a/config/apparmor/abstractions/container-base
> +++ b/config/apparmor/abstractions/container-base
> @@ -2,7 +2,12 @@
>    capability,
>    file,
>    umount,
> +
> +  # The following 3 entries are only supported by recent apparmor versions.
> +  # Comment them if the apparmor parser doesn't recognize them.
>    dbus,
> +  signal,
> +  ptrace,
>  
>    # ignore DENIED message on / remount
>    deny mount options=(ro, remount) -> /,
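Review bot: the added `signal,` and `ptrace,` lines are bare rules, so every profile that includes container-base is granted all signal and ptrace permissions toward any peer, not only toward tasks confined by the same profile. If the intent is only to keep existing containers working under a parser that recognizes these rule types, say so in the comment, and where the parser supports it consider narrowing the rules with a `peer=` condition. The comment wording could also be tightened: `dbus,` was already present before this change, so "The following 3 entries" covers one old and two new rules, and "Comment them" should read "Comment them out".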
> diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
> index 84eadd0..17be297 100644
> --- a/config/apparmor/abstractions/container-base.in
> +++ b/config/apparmor/abstractions/container-base.in
> @@ -2,7 +2,12 @@
>    capability,
>    file,
>    umount,
> +
> +  # The following 3 entries are only supported by recent apparmor versions.
> +  # Comment them if the apparmor parser doesn't recognize them.
>    dbus,
> +  signal,
> +  ptrace,
>  
>    # ignore DENIED message on / remount
>    deny mount options=(ro, remount) -> /,
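Review bot: the five lines added to container-base.in are identical to the ones added to container-base in the previous hunk, so the same text now has to be kept in sync in two tracked files. If container-base is generated from this .in template, change only the template and let the build produce the other file; if both are maintained by hand, a note in the commit message saying so would help the next person who touches one and forgets the other.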
> diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
> index 56a8ec3..d10996b 100644
> --- a/config/apparmor/abstractions/start-container
> +++ b/config/apparmor/abstractions/start-container
> @@ -1,7 +1,12 @@
>    network,
>    capability,
>    file,
> +
> +  # The following 3 entries are only supported by recent apparmor versions.
> +  # Comment them if the apparmor parser doesn't recognize them.
>    dbus,
> +  signal,
> +  ptrace,
>  
>    # currently blocked by apparmor bug
>    mount -> /usr/lib/*/lxc/{**,},
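Review bot: in start-container the comment above `dbus,` asks the administrator to comment out three rules by hand when the parser does not recognize them, which means editing shipped files and relies on the three rules staying directly under the comment. A build-time or install-time check of the parser that emits or omits `dbus,`, `signal,` and `ptrace,` would remove the manual step; failing that, tag each of the three lines individually so a later insertion between them does not make "The following 3 entries" wrong. The same remark about the bare `signal,` and `ptrace,` rules applies here as in container-base.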
> -- 
> 1.9.1
> 