cgmanager: container-base apparmor abstraction: allow mount move

author Serge Hallyn <serge.hallyn@ubuntu.com>

Mon, 3 Feb 2014 21:16:31 +0000 (15:16 -0600)

committer Serge Hallyn <serge.hallyn@ubuntu.com>

Mon, 3 Feb 2014 21:17:43 +0000 (15:17 -0600)
author Serge Hallyn <serge.hallyn@ubuntu.com>
Mon, 3 Feb 2014 21:16:31 +0000 (15:16 -0600)
committer Serge Hallyn <serge.hallyn@ubuntu.com>
Mon, 3 Feb 2014 21:17:43 +0000 (15:17 -0600)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base

index 9db94e782454c976a70de26f318c003812b09577..d1cd84a4eca9920f1bac26e54f68830f924676e1 100644 (file)
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -48,3 +48,4 @@
    deny /sys/fs/cg[^r]*/** wklx,
    deny /sys/firmware/efi/efivars/** rwklx,
    deny /sys/kernel/security/** rwklx,
+  mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Mon, 3 Feb 2014 21:16:31 +0000 (15:16 -0600)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Mon, 3 Feb 2014 21:17:43 +0000 (15:17 -0600)