allow cgroup mounting in nesting profile

author Serge Hallyn <serge.hallyn@ubuntu.com>

Sun, 21 Feb 2016 23:52:07 +0000 (15:52 -0800)

committer Serge Hallyn <serge.hallyn@ubuntu.com>

Mon, 22 Feb 2016 04:45:04 +0000 (20:45 -0800)
author Serge Hallyn <serge.hallyn@ubuntu.com>
Sun, 21 Feb 2016 23:52:07 +0000 (15:52 -0800)
committer Serge Hallyn <serge.hallyn@ubuntu.com>
Mon, 22 Feb 2016 04:45:04 +0000 (20:45 -0800)
diff --git a/config/apparmor/profiles/lxc-default-with-nesting b/config/apparmor/profiles/lxc-default-with-nesting

index 66aa5fd7d5d3db8d0b8fccbeb7e9d6e1d05d8a79..6e5745f97f3c9c6a0e2d66b44db62c090441bcef 100644 (file)
--- a/config/apparmor/profiles/lxc-default-with-nesting
+++ b/config/apparmor/profiles/lxc-default-with-nesting
@@ -5,12 +5,10 @@ profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_de
    #include <abstractions/lxc/container-base>
    #include <abstractions/lxc/start-container>
  
-#  Uncomment the line below if you are not using cgmanager
-#  mount fstype=cgroup -> /sys/fs/cgroup/**,
-
    deny /dev/.lxc/proc/** rw,
    deny /dev/.lxc/sys/** rw,
    mount fstype=proc -> /var/cache/lxc/**,
    mount fstype=sysfs -> /var/cache/lxc/**,
    mount options=(rw,bind),
+  mount fstype=cgroup -> /sys/fs/cgroup/**,
  }
author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Sun, 21 Feb 2016 23:52:07 +0000 (15:52 -0800)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Mon, 22 Feb 2016 04:45:04 +0000 (20:45 -0800)