[lxc-devel] [PATCH 1/1] apparmor: support lxc.ttydir when bind-mounting ptys

Stéphane Graber stgraber at ubuntu.com
Fri Jan 30 00:01:39 UTC 2015


On Thu, Jan 29, 2015 at 11:50:41PM +0000, Serge Hallyn wrote:
> Because we now create the ttys from inside the container, we had to
> add an apparmor rule for start-container to bind-mount /dev/pts/** -> /dev/tty*/.
> However that's not sufficient if the container sets lxc.ttydir, in
> which case we need to support mounting onto files in subdirs of /dev.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  config/apparmor/abstractions/start-container | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
> index 0d02379..b06a84d 100644
> --- a/config/apparmor/abstractions/start-container
> +++ b/config/apparmor/abstractions/start-container
> @@ -13,7 +13,7 @@
>    mount -> /usr/lib/lxc/{**,},
>    mount fstype=devpts -> /dev/pts/,
>    mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
> -  mount options=bind /dev/pts/** -> /dev/tty*/,
> +  mount options=bind /dev/pts/** -> /dev/**,
>    mount options=(rw, make-slave) -> **,
>    mount fstype=debugfs,
>    # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
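
Review bot: the new target `/dev/**` on the changed line is far wider than the commit message asks for. The stated need is "mounting onto files in subdirs of /dev" when lxc.ttydir is set, but `/dev/**` lets start-container bind-mount a pty over any path at any depth under /dev, not only tty entries. The source side is still limited to `/dev/pts/**`, which bounds what can be mounted, but not where. Consider keeping the original `-> /dev/tty*/` rule and adding a second rule that covers only tty files one directory below /dev, for example `mount options=bind /dev/pts/** -> /dev/*/tty*/,` (assuming the entries created under lxc.ttydir keep a tty* name; the console entry would need its own rule). The new line also drops the trailing slash that the removed line and the neighbouring targets (`/dev/pts/`, `/dev/ptmx/`) carry; a comment explaining whether that is intentional would help, as would a comment line above the rule naming lxc.ttydir as the reason for the wider pattern.
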
> -- 
> 2.1.0

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com