[lxc-devel] [PATCH] apparmor: Use more generic allow rule for pivot
Stéphane Graber
stgraber at ubuntu.com
Tue Apr 8 17:18:57 UTC 2014
Recent fixes in the apparmor kernel code is now making at least the CI
environment and quite possibly some others fail due to an invalid path
in the pivot_root stanza.
So update both lines to allow a more generic pivot_root call for
anything in LXC's work directory.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
config/apparmor/abstractions/start-container | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
index d10996b..5d8822a 100644
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -28,8 +28,8 @@
umount,
#umount /mnt/{**,},
- pivot_root /usr/lib/*/lxc/,
- pivot_root /usr/lib/lxc/root/,
+ pivot_root /usr/lib/lxc/**,
+ pivot_root /usr/lib/*/lxc/**,
change_profile -> lxc-*,
change_profile -> unconfined,
--
1.9.1
More information about the lxc-devel
mailing list