[lxc-devel] [PATCH 1/2] apparmor: silence 'silent' mount denials
Stéphane Graber
stgraber at ubuntu.com
Thu Sep 25 14:46:57 UTC 2014
On Thu, Sep 25, 2014 at 02:45:53PM +0000, Serge Hallyn wrote:
>
> newer lxc uses 'silent' when remounting on shutdown. Silence that denial too
>
> Author: Jamie Strandboge <jamie at canonical.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> config/apparmor/abstractions/container-base.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
> index c82f900..096d35b 100644
> --- a/config/apparmor/abstractions/container-base.in
> +++ b/config/apparmor/abstractions/container-base.in
> @@ -11,6 +11,7 @@
>
> # ignore DENIED message on / remount
> deny mount options=(ro, remount) -> /,
> + deny mount options=(ro, remount, silent) -> /,
>
> # allow tmpfs mounts everywhere
> mount fstype=tmpfs,
> --
> 2.1.0
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140925/f2bd922f/attachment.sig>
More information about the lxc-devel
mailing list