apparmor: account for specified rootfs path (closes #2617)

author Cameron Nemo <camerontnorman@gmail.com>

Thu, 20 Sep 2018 22:55:21 +0000 (15:55 -0700)

committer Cameron Nemo <camerontnorman@gmail.com>

Thu, 20 Sep 2018 22:56:05 +0000 (15:56 -0700)
author Cameron Nemo <camerontnorman@gmail.com>
Thu, 20 Sep 2018 22:55:21 +0000 (15:55 -0700)
committer Cameron Nemo <camerontnorman@gmail.com>
Thu, 20 Sep 2018 22:56:05 +0000 (15:56 -0700)
diff --git a/.gitignore b/.gitignore

index 0d266c200a868bc553c6ea7e37d91c1935c5eb6d..45377714cecf9ac0b2753b6c1deb89e76564081a 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -111,6 +111,7 @@ config/ltmain.sh
  config/missing
  config/libtool.m4
  config/lt*.m4
+config/apparmor/abstractions/start-container
  config/bash/lxc
  config/init/common/lxc-containers
  config/init/common/lxc-net
diff --git a/config/apparmor/Makefile.am b/config/apparmor/Makefile.am

index 71dbe1586a1c2fece2a03203bfb67c3ee4c9a795..858f58ddeb7dcdaa8e0e2d972cf2150987c89a5d 100644 (file)
--- a/config/apparmor/Makefile.am
+++ b/config/apparmor/Makefile.am
@@ -19,7 +19,7 @@ install-apparmor:
         $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
         $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
         $(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
-       $(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
+       $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
         $(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
         $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
         $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container.in

similarity index 95%

rename from config/apparmor/abstractions/start-container

rename to config/apparmor/abstractions/start-container.in

index 3df9883e328001e1f76f68638cfbe3a42081193d..f2b48235dee9bc2420caead0910ff04b9bf965ea 100644 (file)
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container.in
@@ -11,6 +11,7 @@
    # currently blocked by apparmor bug
    mount -> /usr/lib*/*/lxc/{**,},
    mount -> /usr/lib*/lxc/{**,},
+  mount -> @LXCROOTFSMOUNT@/{,**},
    mount fstype=devpts -> /dev/pts/,
    mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
    mount options=bind /dev/pts/** -> /dev/**,
@@ -38,6 +39,7 @@
    pivot_root /usr/lib*/*/lxc/,
    pivot_root /usr/lib*/lxc/**,
    pivot_root /usr/lib*/*/lxc/**,
+  pivot_root @LXCROOTFSMOUNT@/{,**},
  
    change_profile -> lxc-*,
    change_profile -> lxc-**,
diff --git a/configure.ac b/configure.ac

index 92d6601d7591804a15e4c2ad4a373ed4f24e5f5b..a54bc33218219a8d5a5c48bc73161502d0afb3aa 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -714,6 +714,7 @@ AC_CONFIG_FILES([
  
         config/Makefile
         config/apparmor/Makefile
+       config/apparmor/abstractions/start-container
         config/selinux/Makefile
         config/bash/Makefile
         config/bash/lxc
author	Cameron Nemo <camerontnorman@gmail.com>
	Thu, 20 Sep 2018 22:55:21 +0000 (15:55 -0700)
committer	Cameron Nemo <camerontnorman@gmail.com>
	Thu, 20 Sep 2018 22:56:05 +0000 (15:56 -0700)
.gitignore		patch \| blob \| blame \| history
config/apparmor/Makefile.am		patch \| blob \| blame \| history
config/apparmor/abstractions/start-container.in	[moved from config/apparmor/abstractions/start-container with 95% similarity]	patch \| blob \| blame \| history
configure.ac		patch \| blob \| blame \| history