/* The following are off by default: */
LXC_ATTACH_REMOUNT_PROC_SYS = 0x00010000, /*!< Remount /proc filesystem */
- LXC_ATTACH_LSM_NOW = 0x00020000, /*!< FIXME: unknown */
+ LXC_ATTACH_LSM_NOW = 0x00020000, /*!< TODO: currently unused */
/* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges. */
LXC_ATTACH_NO_NEW_PRIVS = 0x00040000, /*!< PR_SET_NO_NEW_PRIVS */
LXC_ATTACH_TERMINAL = 0x00080000, /*!< Allocate new terminal for attached process. */
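Review bot: `/*!< TODO: currently unused */` on LXC_ATTACH_LSM_NOW is a Doxygen member comment, so the TODO marker ends up in the generated API documentation without telling a caller what to expect from the flag. Its name suggests LSM label handling, so a caller may assume that setting it enforces something at attach time. If the flag really is ignored, say so plainly, e.g. `/*!< Currently unused; setting it has no effect. */`. Whether any code path still reads the flag is not visible in this hunk and should be confirmed before wording it that way.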
" deny /sys/kernel/debug/{,**} rwklx,\n"
"\n"
" # allow paths to be made slave, shared, private or unbindable\n"
-" # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n"
+" # TODO: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n"
"# mount options=(rw,make-slave) -> **,\n"
"# mount options=(rw,make-rslave) -> **,\n"
"# mount options=(rw,make-shared) -> **,\n"
" mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,\n"
" mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,\n"
"\n"
-" # FIXME: There doesn't seem to be a way to ask for:\n"
+" # TODO: There doesn't seem to be a way to ask for:\n"
" # mount options=(ro,nosuid,nodev,noexec,remount,bind),\n"
" # as we always get mount to $cdir/proc/sys with those flags denied\n"
" # So allow all mounts until that is straightened out:\n"
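Review bot: The comment at the end of this hunk records that the generated profile falls back to allowing all mounts, and relabelling it from FIXME to TODO makes that known policy gap easier to overlook. These lines are string literals, so the wording also lands in the generated AppArmor profile that an operator may audit. I would state the consequence outright, for example `" # TODO(security): the mount rule below is broader than intended; narrow it once remount,bind with ro,nosuid,nodev,noexec can be expressed\n"`. The same applies to the make-slave/make-shared note earlier in the hunk, whose rules stay commented out. The rule that follows the comment is outside the hunk, so its exact form should be checked.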
return full;
}
-/* FIXME: This is currently run only in the context of a constructor (via the
+/* TODO: This is currently run only in the context of a constructor (via the
* initial lsm_init() called due to its __attribute__((constructor)), so we
* do not have ERROR/... macros available, so there are some fprintf(stderr)s
* in there.
lxc_pclose(parserpipe);
/* We stay silent for now as this most likely means the shell
* lxc_popen executed failed to find the apparmor_parser binary.
- * See the FIXME comment above for details.
+ * See the TODO comment above for details.
*/
return false;
}
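Review bot: The `return false` after `lxc_pclose(parserpipe)` stays silent, and the comment only points at "the TODO comment above" for the reason. If this result decides which AppArmor features the generated profile relies on (not visible here), a missing apparmor_parser would silently change confinement behaviour. The comment should therefore say what false means for the caller, e.g. `* Returning false makes callers treat the parser as unsupported; no diagnostic is printed.` The function starts outside the hunk, so the wording should be checked against its callers.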