From: Stéphane Graber Date: Fri, 4 Apr 2014 21:14:58 +0000 (-0400) Subject: apparmor: Update profiles for current upstream parser X-Git-Tag: lxc-1.1.0.alpha1~169 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a31251cc5f428f96ee3d322a78556310a681e14;p=thirdparty%2Flxc.git apparmor: Update profiles for current upstream parser Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base index 6a44e43e9..c109baad1 100644 --- a/config/apparmor/abstractions/container-base +++ b/config/apparmor/abstractions/container-base @@ -2,7 +2,12 @@ capability, file, umount, + + # The following 3 entries are only supported by recent apparmor versions. + # Comment them if the apparmor parser doesn't recognize them. dbus, + signal, + ptrace, # ignore DENIED message on / remount deny mount options=(ro, remount) -> /, diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in index 84eadd023..17be29734 100644 --- a/config/apparmor/abstractions/container-base.in +++ b/config/apparmor/abstractions/container-base.in @@ -2,7 +2,12 @@ capability, file, umount, + + # The following 3 entries are only supported by recent apparmor versions. + # Comment them if the apparmor parser doesn't recognize them. dbus, + signal, + ptrace, # ignore DENIED message on / remount deny mount options=(ro, remount) -> /, diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container index 56a8ec3f9..d10996bd7 100644 --- a/config/apparmor/abstractions/start-container +++ b/config/apparmor/abstractions/start-container @@ -1,7 +1,12 @@ network, capability, file, + + # The following 3 entries are only supported by recent apparmor versions. + # Comment them if the apparmor parser doesn't recognize them. dbus, + signal, + ptrace, # currently blocked by apparmor bug mount -> /usr/lib/*/lxc/{**,},