[lxc-devel] [lxc/lxc] 537188: prevent containers from reading /sys/kernel/debug
GitHub
noreply at github.com
Tue Mar 8 03:13:26 UTC 2016
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 537188a8eefd6df82995e71f453fce4d6622b110
https://github.com/lxc/lxc/commit/537188a8eefd6df82995e71f453fce4d6622b110
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2016-03-07 (Mon, 07 Mar 2016)
Changed paths:
M config/apparmor/abstractions/container-base
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
prevent containers from reading /sys/kernel/debug

Unprivileged containers cannot read it anyway, but also prevent root
owned containers from doing so. Sadly upstart's mountall won't run
if we try to prevent it from being mounted at all.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: d551c8cb3f01d27cbf41175332ca20a0c53555dc
https://github.com/lxc/lxc/commit/d551c8cb3f01d27cbf41175332ca20a0c53555dc
Author: Stéphane Graber <stgraber at stgraber.org>
Date: 2016-03-07 (Mon, 07 Mar 2016)
Changed paths:
M config/apparmor/abstractions/container-base
M config/apparmor/abstractions/container-base.in
Log Message:
-----------
Merge pull request #879 from hallyn/2016-03-07/debug.aa

prevent containers from reading /sys/kernel/debug
Compare: https://github.com/lxc/lxc/compare/215486610e2b...d551c8cb3f01