[lxc-devel] [lxd/master] lxd/apparmor: Prevent writes to /proc/acpi/**

stgraber on Github lxc-bot at linuxcontainers.org
Tue Aug 27 19:35:32 UTC 2019


From 1dc64a11dbce98d71289b01a5811347a5b79c45e Mon Sep 17 00:00:00 2001
From: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue, 27 Aug 2019 13:34:57 -0600
Subject: [PATCH] lxd/apparmor: Prevent writes to /proc/acpi/**
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Matches https://github.com/lxc/lxc/pull/3117

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/apparmor.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lxd/apparmor.go b/lxd/apparmor.go
index f0392de64f..46037ff32f 100644
--- a/lxd/apparmor.go
+++ b/lxd/apparmor.go
@@ -76,6 +76,7 @@ const AA_PROFILE_BASE = `
   deny /proc/bus/** wklx,
   deny /proc/kcore rwklx,
   deny /proc/sysrq-trigger rwklx,
+  deny /proc/acpi/** rwklx,
   deny /proc/sys/fs/** wklx,
 
   # Handle securityfs (access handled separately)
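Review bot: the added rule `deny /proc/acpi/** rwklx,` denies reads as well as writes, while the subject line says only "Prevent writes"; the neighbouring `deny /proc/bus/** wklx,` and `deny /proc/sys/fs/** wklx,` rules use `wklx` to block write, lock, link and execute but leave reads alone, whereas `rwklx` matches the stricter `/proc/kcore` and `/proc/sysrq-trigger` entries. If containers should still be able to read ACPI state, `wklx` would match the stated intent; if denying reads is deliberate, the subject and commit message should say so. A one-line comment pointing at the matching lxc change (https://github.com/lxc/lxc/pull/3117) next to the rule would also help keep the two profiles in sync.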

