apparmor: allow shared mounts in start-container.in

author Christian Brauner <brauner@kernel.org>

Tue, 29 Nov 2022 19:58:14 +0000 (20:58 +0100)

committer Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>

Tue, 29 Nov 2022 19:58:14 +0000 (20:58 +0100)
author Christian Brauner <brauner@kernel.org>
Tue, 29 Nov 2022 19:58:14 +0000 (20:58 +0100)
committer Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Tue, 29 Nov 2022 19:58:14 +0000 (20:58 +0100)
diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in

index 9f64c272715014ea7ba13238d1eaf33bedd58104..59dcb69ab5fd4e5501a7214cc27b3675e459bd11 100644 (file)
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@@ -17,6 +17,8 @@
    mount options=bind /dev/pts/** -> /dev/**,
    mount options=(rw, make-slave) -> **,
    mount options=(rw, make-rslave) -> **,
+  mount options=(rw, make-shared) -> **,
+  mount options=(rw, make-rshared) -> **,
    mount fstype=debugfs,
    # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
    mount -> /var/lib/lxc/{**,},
author	Christian Brauner <brauner@kernel.org>
	Tue, 29 Nov 2022 19:58:14 +0000 (20:58 +0100)
committer	Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
	Tue, 29 Nov 2022 19:58:14 +0000 (20:58 +0100)