apparmor: Update profiles for current upstream parser

author Stéphane Graber <stgraber@ubuntu.com>

Fri, 4 Apr 2014 21:14:58 +0000 (17:14 -0400)

committer Stéphane Graber <stgraber@ubuntu.com>

Fri, 4 Apr 2014 21:45:35 +0000 (17:45 -0400)
author Stéphane Graber <stgraber@ubuntu.com>
Fri, 4 Apr 2014 21:14:58 +0000 (17:14 -0400)
committer Stéphane Graber <stgraber@ubuntu.com>
Fri, 4 Apr 2014 21:45:35 +0000 (17:45 -0400)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base

index 6a44e43e91aa32ad744f76ef92966924c2c607d4..c109baad1611c828766b7ce6e1a217c1c7709308 100644 (file)
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -2,7 +2,12 @@
    capability,
    file,
    umount,
+
+  # The following 3 entries are only supported by recent apparmor versions.
+  # Comment them if the apparmor parser doesn't recognize them.
    dbus,
+  signal,
+  ptrace,
  
    # ignore DENIED message on / remount
    deny mount options=(ro, remount) -> /,
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in

index 84eadd0232b98178fb7d1e4b68c701781dffc393..17be29734edd4fcca40fd2866a5ebcd990817e1b 100644 (file)
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -2,7 +2,12 @@
    capability,
    file,
    umount,
+
+  # The following 3 entries are only supported by recent apparmor versions.
+  # Comment them if the apparmor parser doesn't recognize them.
    dbus,
+  signal,
+  ptrace,
  
    # ignore DENIED message on / remount
    deny mount options=(ro, remount) -> /,
diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container

index 56a8ec3f9e9707a6e597e1373ec162f01a36ee69..d10996bd70e1baaf1228db31e9b56e4e051e71a4 100644 (file)
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -1,7 +1,12 @@
    network,
    capability,
    file,
+
+  # The following 3 entries are only supported by recent apparmor versions.
+  # Comment them if the apparmor parser doesn't recognize them.
    dbus,
+  signal,
+  ptrace,
  
    # currently blocked by apparmor bug
    mount -> /usr/lib/*/lxc/{**,},
author	Stéphane Graber <stgraber@ubuntu.com>
	Fri, 4 Apr 2014 21:14:58 +0000 (17:14 -0400)
committer	Stéphane Graber <stgraber@ubuntu.com>
	Fri, 4 Apr 2014 21:45:35 +0000 (17:45 -0400)
config/apparmor/abstractions/container-base		patch \| blob \| blame \| history
config/apparmor/abstractions/container-base.in		patch \| blob \| blame \| history
config/apparmor/abstractions/start-container		patch \| blob \| blame \| history