From: Stéphane Graber Date: Mon, 7 Mar 2016 20:00:05 +0000 (-0500) Subject: Revert "allow cgroupfs mounts under /sys/fs/cgroup" X-Git-Tag: lxc-2.0.0.rc6~2^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eab570bcaf848fad77e84dc9df1b5111d4b3603f;p=thirdparty%2Flxc.git Revert "allow cgroupfs mounts under /sys/fs/cgroup" This reverts commit 833bf9c2b29ff03cb5e5e1db089d25757f4a2647. This change wasn't actually safe and is now superseded by the cgns profile. Signed-off-by: Stéphane Graber --- diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in index 2a3969b9f..2237a477c 100644 --- a/config/apparmor/abstractions/container-base.in +++ b/config/apparmor/abstractions/container-base.in @@ -91,6 +91,5 @@ deny /sys/firmware/efi/efivars/** rwklx, deny /sys/kernel/security/** rwklx, mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/, - mount fstype=cgroup -> /sys/fs/cgroup/**, mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,
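Review bot: The removal of `mount fstype=cgroup -> /sys/fs/cgroup/**,` in config/apparmor/abstractions/container-base.in is justified only by "wasn't actually safe", and the cgns profile named as its replacement is not part of this diff. The commit message should say what the rule allowed that was unsafe (as written it places no constraint on mount options or source, only on fstype and a target anywhere under /sys/fs/cgroup/), and it should name the file that carries the cgns replacement rule. That would let a reader confirm that containers including this abstraction without the cgns profile are meant to lose cgroupfs mounts. A one-line comment at this spot in the abstraction, stating that cgroup mounts are deliberately not granted here, would also help keep the rule from being reintroduced.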