]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f6578a7) | patch
apparmor: Allow bind-mounts and {r}shared/{r}private 1055/head
authorStéphane Graber <stgraber@ubuntu.com>
Thu, 23 Jun 2016 20:01:29 +0000 (16:01 -0400)
committerStéphane Graber <stgraber@ubuntu.com>
Thu, 23 Jun 2016 20:01:29 +0000 (16:01 -0400)
commite96e7a1ac7ec693fb5141720cf4d2ec3edcc45c1
treeaf7babf11e3654b4302d97aa6e186d4bc6d3033btree
parentf6578a7bb20a5349b8bb280def89ab7f20825292commit | diff
apparmor: Allow bind-mounts and {r}shared/{r}private

Bind-mounts aren't harmful in containers, so long as they're not used to
bypass MAC policies.

This change allows bind-mounting of any path which isn't a dangerous
filesystem that's otherwise blocked by apparmor.

This also allows switching paths {r}shared or {r}private.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
config/apparmor/abstractions/container-base diff | blob | blame | history
config/apparmor/abstractions/container-base.in diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git