From: Stéphane Graber <stgraber@ubuntu.com>
Date: Tue, 21 Apr 2020 17:09:07 +0000 (-0400)
Subject: apparmor: Allow boot_id
X-Git-Tag: lxc-5.0.0~445^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3391%2Fhead;p=thirdparty%2Flxc.git

apparmor: Allow boot_id

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in
index f2b48235d..9998f1121 100644
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@@ -21,6 +21,8 @@
   # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
   mount -> /var/lib/lxc/{**,},
 
+  mount /dev/.lxc-boot-id -> /proc/sys/kernel/random/boot_id,
+
   # required for some pre-mount hooks
   mount fstype=overlayfs,
   mount fstype=aufs,