From: Long Wang Date: Wed, 12 Jul 2017 01:53:58 +0000 (+0800) Subject: doc: s/aa_profile/apparmor.profile/g X-Git-Tag: lxc-2.1.0~49^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1d5fdfd9be3d4aaf9e35f04ade20df555a6e802;p=thirdparty%2Flxc.git doc: s/aa_profile/apparmor.profile/g Signed-off-by: Long Wang --- diff --git a/config/templates/debian.common.conf.in b/config/templates/debian.common.conf.in index b11f27f62..4e6a6e6a3 100644 --- a/config/templates/debian.common.conf.in +++ b/config/templates/debian.common.conf.in @@ -7,12 +7,12 @@ lxc.tty.dir = # When using LXC with apparmor, the container will be confined by default. # If you wish for it to instead run unconfined, copy the following line # (uncommented) to the container's configuration file. -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined # If you wish to allow mounting block filesystems, then use the following # line instead, and make sure to grant access to the block device and/or loop # devices below in lxc.cgroup.devices.allow. -#lxc.aa_profile = lxc-container-default-with-mounting +#lxc.apparmor.profile = lxc-container-default-with-mounting # Extra cgroup device access ## rtc diff --git a/config/templates/nesting.conf.in b/config/templates/nesting.conf.in index b712ef6bf..7620a0a84 100644 --- a/config/templates/nesting.conf.in +++ b/config/templates/nesting.conf.in @@ -1,5 +1,5 @@ # Use a profile which allows nesting -lxc.aa_profile = lxc-container-default-with-nesting +lxc.apparmor.profile = lxc-container-default-with-nesting # Add uncovered mounts of proc and sys, else unprivileged users # cannot remount those diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in index a1c60d244..ff8ef6a8f 100644 --- a/config/templates/ubuntu.common.conf.in +++ b/config/templates/ubuntu.common.conf.in 
@@ -10,7 +10,7 @@ lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0 # When using LXC with apparmor, the container will be confined by default. # If you wish for it to instead run unconfined, copy the following line # (uncommented) to the container's configuration file. -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined # Uncomment the following line to autodetect squid-deb-proxy configuration on the # host and forward it to the guest at start time. @@ -19,7 +19,7 @@ lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0 # If you wish to allow mounting block filesystems, then use the following # line instead, and make sure to grant access to the block device and/or loop # devices below in lxc.cgroup.devices.allow. -#lxc.aa_profile = lxc-container-default-with-mounting +#lxc.apparmor.profile = lxc-container-default-with-mounting # Extra cgroup device access ## rtc diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in index 364ecd9ab..54616b692 100644 --- a/doc/ja/lxc.container.conf.sgml.in +++ b/doc/ja/lxc.container.conf.sgml.in @@ -1690,7 +1690,7 @@ by KATOH Yasufumi - + @@ -1702,7 +1702,7 @@ by KATOH Yasufumi コンテナが従うべき apparmor プロファイルを指定します。 コンテナが apparmor による制限を受けないように設定するには、以下のように設定します。 - lxc.aa_profile = unconfined + lxc.apparmor.profile = unconfined もし apparmor プロファイルが変更されないままでなくてはならない場合 (ネストしたコンテナである場合や、すでに confined されている場合) は以下のように設定します。 - lxc.aa_profile = unchanged + lxc.apparmor.profile = unchanged diff --git a/doc/ko/lxc.container.conf.sgml.in b/doc/ko/lxc.container.conf.sgml.in index 1454addfa..49077b709 100644 --- a/doc/ko/lxc.container.conf.sgml.in +++ b/doc/ko/lxc.container.conf.sgml.in @@ -1630,7 +1630,7 @@ proc proc proc nodev,noexec,nosuid 0 0 - + 
@@ -1642,7 +1642,7 @@ proc proc proc nodev,noexec,nosuid 0 0 컨테이너가 따라야할 apparmor 프로파일을 지정한다. 컨테이너가 apparmor로 인한 제한을 받지 않도록 하려면, 아래와 같이 지정하면 된다. - lxc.aa_profile = unconfined + lxc.apparmor.profile = unconfined apparmor 프로파일이 변경되지 않아야 한다면(중첩 컨테이너 안에 있고, 이미 confined된 경우), 아래와 같이 지정하면 된다. - lxc.aa_profile = unchanged + lxc.apparmor.profile = unchanged diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index b59d3181f..287c8b9fe 100644 --- a/doc/lxc.container.conf.sgml.in +++ b/doc/lxc.container.conf.sgml.in @@ -1224,7 +1224,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - + @@ -1232,12 +1232,12 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA be run. To specify that the container should be unconfined, use - lxc.aa_profile = unconfined + lxc.apparmor.profile = unconfined If the apparmor profile should remain unchanged (i.e. if you are nesting containers and are already confined), then use - lxc.aa_profile = unchanged + lxc.apparmor.profile = unchanged diff --git a/src/tests/attach.c b/src/tests/attach.c index e59d8174d..985cea03b 100644 --- a/src/tests/attach.c +++ b/src/tests/attach.c @@ -55,7 +55,7 @@ static void test_lsm_detect(void) lsm_label = "unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023"; } else if (!strcmp(lsm_name(), "AppArmor")) { - lsm_config_key = "lxc.aa_profile"; + lsm_config_key = "lxc.apparmor.profile"; if (file_exists("/proc/self/ns/cgroup")) lsm_label = "lxc-container-default-cgns"; else diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount index 0523a80ae..390c6f46c 100755 --- a/src/tests/lxc-test-apparmor-mount +++ b/src/tests/lxc-test-apparmor-mount 
@@ -170,7 +170,7 @@ fi run_cmd lxc-stop -n $cname -k echo "test regular unconfined container" -echo "lxc.aa_profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config +echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config run_cmd lxc-start -n $cname -d run_cmd lxc-wait -n $cname -s RUNNING pid=`run_cmd lxc-info -p -H -n $cname` @@ -185,7 +185,7 @@ echo "masking $MOUNTSR" mount --bind $dnam $MOUNTSR echo "test default confined container" -sed -i '/aa_profile/d' $HDIR/.local/share/lxc/$cname/config +sed -i '/apparmor.profile/d' $HDIR/.local/share/lxc/$cname/config run_cmd lxc-start -n $cname -d || true sleep 3 pid=`run_cmd lxc-info -p -H -n $cname` || true @@ -196,7 +196,7 @@ if [ -n "$pid" -a "$pid" != "-1" ]; then fi echo "test regular unconfined container" -echo "lxc.aa_profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config +echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config run_cmd lxc-start -n $cname -d run_cmd lxc-wait -n $cname -s RUNNING pid=`run_cmd lxc-info -p -H -n $cname` @@ -212,7 +212,7 @@ fi run_cmd lxc-stop -n $cname -k echo "testing override" -sed -i '/aa_profile/d' $HDIR/.local/share/lxc/$cname/config +sed -i '/apparmor.profile/d' $HDIR/.local/share/lxc/$cname/config echo "lxc.apparmor.allow_incomplete = 1" >> $HDIR/.local/share/lxc/$cname/config run_cmd lxc-start -n $cname -d run_cmd lxc-wait -n $cname -s RUNNING diff --git a/templates/lxc-altlinux.in b/templates/lxc-altlinux.in index 9fde9e37c..b6de74662 100644 --- a/templates/lxc-altlinux.in +++ b/templates/lxc-altlinux.in @@ -282,7 +282,7 @@ lxc.pty.max = 1024 lxc.cap.drop = sys_module mac_admin mac_override sys_time # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined #networking #lxc.net.0.type = $lxc_network_type diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in index c4ba27555..f27efa9ef 100644 --- a/templates/lxc-busybox.in 
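Review bot: The two `sed -i '/apparmor.profile/d'` cleanups in src/tests/lxc-test-apparmor-mount (the hunks at -185 and -212) use an unanchored pattern with an unescaped dot, and after this change they no longer delete a legacy `lxc.aa_profile` line if one is still in the container config. The "test default confined container" step only means something if the `unconfined` setting is really gone, so a leftover line could let the test pass or fail against the wrong confinement state. Consider `sed -i -e '/^lxc\.apparmor\.profile/d' -e '/^lxc\.aa_profile/d' "$HDIR/.local/share/lxc/$cname/config"`. Whether a legacy key can still reach this file, and whether the parser still honours it, is not visible in these hunks and should be confirmed.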
+++ b/templates/lxc-busybox.in @@ -349,7 +349,7 @@ lxc.pty.max = 1 lxc.cap.drop = sys_module mac_admin mac_override sys_time # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.mount.entry = shm /dev/shm tmpfs defaults 0 0 diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in index f816517ee..6832133b2 100644 --- a/templates/lxc-centos.in +++ b/templates/lxc-centos.in @@ -644,7 +644,7 @@ lxc.arch = $arch lxc.uts.name = $utsname # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined # example simple networking setup, uncomment to enable #lxc.net.0.type = $lxc_network_type diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in index e884086a9..de79dafd8 100644 --- a/templates/lxc-cirros.in +++ b/templates/lxc-cirros.in @@ -128,7 +128,7 @@ lxc.arch = $arch lxc.cap.drop = sys_module mac_admin mac_override sys_time # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.cgroup.devices.deny = a diff --git a/templates/lxc-fedora-legacy.in b/templates/lxc-fedora-legacy.in index 60d83afc6..512adbe5a 100644 --- a/templates/lxc-fedora-legacy.in +++ b/templates/lxc-fedora-legacy.in @@ -1130,7 +1130,7 @@ lxc.arch = $arch lxc.uts.name = $utsname # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined # example simple networking setup, uncomment to enable #lxc.net.0.type = $lxc_network_type diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index 3191757ec..57c5569bc 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in 
@@ -489,7 +489,7 @@ lxc.arch = ${basearch} lxc.uts.name = ${utsname} # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined # example simple networking setup, uncomment to enable #lxc.net.0.type = ${lxc_network_type} diff --git a/templates/lxc-openmandriva.in b/templates/lxc-openmandriva.in index 60dee6a7f..6fefb45c1 100644 --- a/templates/lxc-openmandriva.in +++ b/templates/lxc-openmandriva.in @@ -235,7 +235,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined #networking lxc.net.0.type = $lxc_network_type diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 25b59edad..29f9f4178 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -355,7 +355,7 @@ lxc.uts.name = $name lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed # When using LXC with apparmor, uncomment the next line to run unconfined: -lxc.aa_profile = unconfined +lxc.apparmor.profile = unconfined # example simple networking setup, uncomment to enable #lxc.net.0.type = $lxc_network_type diff --git a/templates/lxc-pld.in b/templates/lxc-pld.in index 1f4f3641e..b748cb87b 100644 --- a/templates/lxc-pld.in +++ b/templates/lxc-pld.in @@ -248,7 +248,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time lxc.autodev = $auto_dev # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined ## Devices # Allow all devices diff --git a/templates/lxc-sshd.in b/templates/lxc-sshd.in index 3e410c3cd..e6f90ad7c 100644 --- a/templates/lxc-sshd.in +++ b/templates/lxc-sshd.in 
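Review bot: In the templates/lxc-opensuse.in hunk the renamed line `lxc.apparmor.profile = unconfined` is active, although the comment directly above says to uncomment it to run unconfined and every other template touched by this commit ships the line commented out. As written, containers created from this template start with AppArmor confinement disabled by default; the rename carries that existing state forward rather than introducing it. If this is not intentional, change the line to `#lxc.apparmor.profile = unconfined`; if it is intentional, replace the comment with one that says so, for example `# AppArmor confinement is disabled for this template (<reason>); remove the next line to use the default profile.` The generated config block this line belongs to starts and ends outside the hunk.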
@@ -134,7 +134,7 @@ lxc.pty.max = 1024 lxc.cap.drop = sys_module mac_admin mac_override sys_time # When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined +#lxc.apparmor.profile = unconfined lxc.mount.entry = /dev dev none ro,bind 0 0 lxc.mount.entry = /lib lib none ro,bind 0 0