[lxc-devel] [PATCH 1/1] apparmor: support lxc.ttydir when bind-mounting ptys

Serge Hallyn serge.hallyn at ubuntu.com
Thu Jan 29 23:50:41 UTC 2015


Because we now create the ttys from inside the container, we had to
add an apparmor rule for start-container to bind-mount /dev/pts/** -> /dev/tty*/.
However, that's not sufficient if the container sets lxc.ttydir, in
which case we need to support mounting onto files in subdirs of /dev.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 config/apparmor/abstractions/start-container | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
index 0d02379..b06a84d 100644
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -13,7 +13,7 @@
   mount -> /usr/lib/lxc/{**,},
   mount fstype=devpts -> /dev/pts/,
   mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
-  mount options=bind /dev/pts/** -> /dev/tty*/,
+  mount options=bind /dev/pts/** -> /dev/**,
   mount options=(rw, make-slave) -> **,
   mount fstype=debugfs,
   # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
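Review bot: the new destination `/dev/**` is much broader than the lxc.ttydir case described in the commit message; it lets start-container bind-mount any pty from /dev/pts/ onto any path at any depth under /dev, not just onto tty files in a subdirectory. If the ttydir layout is always one subdirectory of /dev containing the tty files, a narrower rule kept alongside the existing one would cover it without the extra permission, e.g. keep `mount options=bind /dev/pts/** -> /dev/tty*/,` and add `mount options=bind /dev/pts/** -> /dev/*/tty*/,`. If the wider pattern is intentional, the commit message should say why a depth-limited rule is not enough.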
-- 
2.1.0


