From: Stéphane Graber <stgraber@ubuntu.com>
Date: Tue, 16 Feb 2016 01:08:09 +0000 (-0500)
Subject: Allow cgroupfs remount by systemd
X-Git-Tag: lxc-2.0.0.rc1~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F822%2Fhead;p=thirdparty%2Flxc.git

Allow cgroupfs remount by systemd

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
index e8a39ce3b..2a3969b9f 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -92,4 +92,5 @@
   deny /sys/kernel/security/** rwklx,
   mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
   mount fstype=cgroup -> /sys/fs/cgroup/**,
+  mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,