From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Sun, 21 Feb 2016 23:52:07 +0000 (-0800)
Subject: allow cgroup mounting in nesting profile
X-Git-Tag: lxc-2.0.0.rc2~3^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=787ff6e2d2e534926e4f70de4cd49aa15ec41c58;p=thirdparty%2Flxc.git

allow cgroup mounting in nesting profile

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---

diff --git a/config/apparmor/profiles/lxc-default-with-nesting b/config/apparmor/profiles/lxc-default-with-nesting
index 66aa5fd7d..6e5745f97 100644
--- a/config/apparmor/profiles/lxc-default-with-nesting
+++ b/config/apparmor/profiles/lxc-default-with-nesting
@@ -5,12 +5,10 @@ profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_de
   #include <abstractions/lxc/container-base>
   #include <abstractions/lxc/start-container>
 
-#  Uncomment the line below if you are not using cgmanager
-#  mount fstype=cgroup -> /sys/fs/cgroup/**,
-
   deny /dev/.lxc/proc/** rw,
   deny /dev/.lxc/sys/** rw,
   mount fstype=proc -> /var/cache/lxc/**,
   mount fstype=sysfs -> /var/cache/lxc/**,
   mount options=(rw,bind),
+  mount fstype=cgroup -> /sys/fs/cgroup/**,
 }