From: Stéphane Graber Date: Tue, 16 Feb 2016 01:03:50 +0000 (-0500) Subject: Allow sysfs remount by mountall X-Git-Tag: lxc-1.0.9~90 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f91f524497466d61e46259bd1d0b9a9aaa4adf3f;p=thirdparty%2Flxc.git Allow sysfs remount by mountall Signed-off-by: Stéphane Graber
---
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
index c0bb2977b..bb656295c 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -87,6 +87,7 @@
 deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
 mount fstype=proc -> /proc/,
 mount fstype=sysfs -> /sys/,
+ mount options=(rw, nosuid, nodev, noexec, remount) -> /sys/,
 deny /sys/firmware/efi/efivars/** rwklx,
 deny /sys/kernel/security/** rwklx,
 mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
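Review bot: The added `mount options=(rw, nosuid, nodev, noexec, remount) -> /sys/,` rule carries no comment explaining why a container may remount /sys, and because it names `rw`, a /sys that the host side mounted read-only for the container could presumably be remounted writable from inside. I would put a line above it such as `# mountall remounts /sys at boot with these flags; keep this rule limited to that flag set`, so a later edit does not widen it without noticing. It is also worth confirming that configurations relying on a read-only /sys are not weakened; the two `deny /sys/... rwklx` rules in the context lines cover only efivars and /sys/kernel/security. The abstraction's mount rules start and end outside this hunk, so interactions with other rules cannot be judged from here.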