From: Christian Brauner <brauner@kernel.org>
Date: Tue, 29 Nov 2022 19:58:14 +0000 (+0100)
Subject: apparmor: allow shared mounts in start-container.in
X-Git-Tag: v6.0.0~81^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01ae6d4713f1dc0659999adcfa6aa75a243d18fd;p=thirdparty%2Flxc.git

apparmor: allow shared mounts in start-container.in

Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---

diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in
index 9f64c2727..59dcb69ab 100644
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@@ -17,6 +17,8 @@
   mount options=bind /dev/pts/** -> /dev/**,
   mount options=(rw, make-slave) -> **,
   mount options=(rw, make-rslave) -> **,
+  mount options=(rw, make-shared) -> **,
+  mount options=(rw, make-rshared) -> **,
   mount fstype=debugfs,
   # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
   mount -> /var/lib/lxc/{**,},