]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1800f92)
apparmor: allow start-container to change to lxc-**
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 24 Jul 2018 14:42:26 +0000 (16:42 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Wed, 25 Jul 2018 12:40:26 +0000 (14:40 +0200)
For generated profiles with apparmor namespaces we get
profile names with slashes in them. To match those, we need
to allow changing to lxc-**, not just lxc-*.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
config/apparmor/abstractions/start-container patch | blob | blame | history

diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
index 414d058ba81e0a5821eab66e60f118683dd4124f..3df9883e328001e1f76f68638cfbe3a42081193d 100644 (file)
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -40,5 +40,6 @@
   pivot_root /usr/lib*/*/lxc/**,
 
   change_profile -> lxc-*,
+  change_profile -> lxc-**,
   change_profile -> unconfined,
   change_profile -> :lxc-*:unconfined,
Mirror of https://github.com/lxc/lxc.git