[lxc-devel] [PATCH] apparmor: Update profiles for current upstream parser
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Apr 4 21:30:26 UTC 2014
Quoting Stéphane Graber (stgraber at ubuntu.com):
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> config/apparmor/abstractions/container-base | 5 +++++
> config/apparmor/abstractions/container-base.in | 5 +++++
> config/apparmor/abstractions/start-container | 5 +++++
> 3 files changed, 15 insertions(+)
>
> diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
> index d094aab..f5eaca7 100644
> --- a/config/apparmor/abstractions/container-base
> +++ b/config/apparmor/abstractions/container-base
> @@ -2,7 +2,12 @@
> capability,
> file,
> umount,
> +
> + # The following 3 entries are only supported by recent apparmor versions.
> + # Comment them if the apparmor parser doesn't recognize them.
> dbus,
> + signal,
> + ptrace,
>
> # ignore DENIED message on / remount
> deny mount options=(ro, remount) -> /,
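Review bot: The added `signal,` and `ptrace,` lines in container-base are bare rules, so they allow every signal and every ptrace operation toward any peer rather than scoping them to the container. If the intent is only to keep signalling and tracing working inside the container, consider adding a peer condition that names the container's own profile. If they are kept as is, the comment above them should say the rules are intentionally permissive.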
> diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
> index 84eadd0..17be297 100644
> --- a/config/apparmor/abstractions/container-base.in
> +++ b/config/apparmor/abstractions/container-base.in
> @@ -2,7 +2,12 @@
> capability,
> file,
> umount,
> +
> + # The following 3 entries are only supported by recent apparmor versions.
> + # Comment them if the apparmor parser doesn't recognize them.
> dbus,
> + signal,
> + ptrace,
>
> # ignore DENIED message on / remount
> deny mount options=(ro, remount) -> /,
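Review bot: The five lines added to container-base.in duplicate the container-base hunk exactly, so the same rules and comment are now maintained by hand in two files. If container-base is generated from container-base.in, the patch should touch only the .in file. If both are kept in the tree on purpose, a line in the commit message saying so would help keep them from drifting apart.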
> diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
> index 56a8ec3..d10996b 100644
> --- a/config/apparmor/abstractions/start-container
> +++ b/config/apparmor/abstractions/start-container
> @@ -1,7 +1,12 @@
> network,
> capability,
> file,
> +
> + # The following 3 entries are only supported by recent apparmor versions.
> + # Comment them if the apparmor parser doesn't recognize them.
> dbus,
> + signal,
> + ptrace,
>
> # currently blocked by apparmor bug
> mount -> /usr/lib/*/lxc/{**,},
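Review bot: The comment in start-container leaves the fallback for older parsers to whoever installs the file ("Comment them if the apparmor parser doesn't recognize them"), so an unmodified install on an older apparmor ships an abstraction containing entries its parser does not recognize. Consider detecting parser support at build or install time and emitting `dbus,`, `signal,` and `ptrace,` conditionally. At minimum the wording should be "Comment them out", and the comment should describe what failure to expect when the parser lacks support.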
> --
> 1.9.1
>