lxc-copy can, in some cases, start a container the same way lxc-start does,
so it needs to have the same profile.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
output: 'usr.bin.lxc-start',
install: true,
install_dir: join_paths(sysconfdir, 'apparmor.d'))
+
+ configure_file(
+ configuration: dummy_config_data,
+ input: 'usr.bin.lxc-copy',
+ output: 'usr.bin.lxc-copy',
+ install: true,
+ install_dir: join_paths(sysconfdir, 'apparmor.d'))
endif
--- /dev/null
+#include <tunables/global>
+
+/usr/bin/lxc-copy flags=(attach_disconnected) {
+ #include <abstractions/lxc/start-container>
+}
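Review bot: The attachment path `/usr/bin/lxc-copy` is hard-coded in the new profile, and the meson hunk installs the file through `configure_file` with `dummy_config_data`, which suggests no path substitution takes place. If lxc-copy is installed under a different prefix, the profile would never attach and the binary would start containers without the intended confinement. Consider templating the path from the build's bindir, or at least add a header comment such as `# Attaches only when lxc-copy is installed as /usr/bin/lxc-copy; it can start containers, so it shares the lxc-start rules.` The existing lxc-start profile is not shown here but probably has the same limitation.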
SYSF=/sys/kernel/security/apparmor/features/mount/mask
if [ -f $SYSF ]; then
if [ -x /lib/apparmor/profile-load ]; then
+ /lib/apparmor/profile-load usr.bin.lxc-copy
/lib/apparmor/profile-load usr.bin.lxc-start
/lib/apparmor/profile-load lxc-containers
elif [ -x /lib/init/apparmor-profile-load ]; then
+ /lib/init/apparmor-profile-load usr.bin.lxc-copy
/lib/init/apparmor-profile-load usr.bin.lxc-start
/lib/init/apparmor-profile-load lxc-containers
fi
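Review bot: The new `profile-load usr.bin.lxc-copy` call is placed ahead of the existing lxc-start and lxc-containers loads in both branches, and its exit status is not checked. If the script runs under `set -e` (not visible in this hunk), a missing or unparsable lxc-copy profile would stop the script before the two established profiles are loaded; without `set -e` the failure is silent. Loading the new profile last, for example by moving `/lib/apparmor/profile-load usr.bin.lxc-copy` below the `lxc-containers` line, and logging a failed load would keep the existing confinement independent of the new file. The enclosing `if [ -f $SYSF ]` block closes outside the hunk.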