]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fe3c80a)
allow cgroupfs mounts under /sys/fs/cgroup 777/head
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Thu, 28 Jan 2016 16:48:55 +0000 (17:48 +0100)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Thu, 28 Jan 2016 16:49:43 +0000 (17:49 +0100)
Systemd needs to be able to do these, and it does not bypass
any of our apparmor rules.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
config/apparmor/abstractions/container-base.in patch | blob | blame | history

diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
index 235913b52763844e075da16645af5ad1ce871afb..1121256d7fff2b7e52080308068a1aef9df1014f 100644 (file)
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -86,4 +86,5 @@
   deny /sys/firmware/efi/efivars/** rwklx,
   deny /sys/kernel/security/** rwklx,
   mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
+  mount fstype=cgroup -> /sys/fs/cgroup/**,
 
Mirror of https://github.com/lxc/lxc.git