[lxc-devel] [lxc/lxc] e96e7a: apparmor: Allow bind-mounts and {r}shared/{r}priva...
GitHub
noreply at github.com
Thu Jun 23 21:28:20 UTC 2016
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: e96e7a1ac7ec693fb5141720cf4d2ec3edcc45c1
https://github.com/lxc/lxc/commit/e96e7a1ac7ec693fb5141720cf4d2ec3edcc45c1
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2016-06-23 (Thu, 23 Jun 2016)
Changed paths:
M config/apparmor/abstractions/container-base
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
apparmor: Allow bind-mounts and {r}shared/{r}private
Bind-mounts aren't harmful in containers, so long as they're not used to
bypass MAC policies.
This change allows bind-mounting of any path which isn't a dangerous
filesystem that's otherwise blocked by apparmor.
This also allows switching paths {r}shared or {r}private.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 18f9cbeea741291d91dd3e2ac8d6e0502359ccbd
https://github.com/lxc/lxc/commit/18f9cbeea741291d91dd3e2ac8d6e0502359ccbd
Author: Christian Brauner <cbrauner at suse.de>
Date: 2016-06-23 (Thu, 23 Jun 2016)
Changed paths:
M config/apparmor/abstractions/container-base
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
Merge pull request #1055 from stgraber/master
apparmor: Allow bind-mounts and {r}shared/{r}private
Compare: https://github.com/lxc/lxc/compare/2323b39d4840...18f9cbeea741
More information about the lxc-devel
mailing list