From c94ee7a0d54d189713c0d4775e8f8fbd27dc0e2a Mon Sep 17 00:00:00 2001
From: =?utf8?q?St=C3=A9phane=20Graber?=
Date: Wed, 14 Oct 2015 13:50:14 -0700
Subject: [PATCH] apparmor: Sync with current git master
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This makes stable-1.0, stable-1.1 and master all be in sync with regard to apparmor. This has the nice added benefit of fixing an apparmor regression with /dev/pts handling in some older kernels.

Signed-off-by: Stéphane Graber
---
 config/apparmor/abstractions/start-container | 1 +
 config/apparmor/profiles/lxc-default-with-nesting | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container
index e36196884..b06a84d3b 100644
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -13,6 +13,7 @@
 mount -> /usr/lib/lxc/{**,},
 mount fstype=devpts -> /dev/pts/,
 mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
+ mount options=bind /dev/pts/** -> /dev/**,
 mount options=(rw, make-slave) -> **,
 mount fstype=debugfs,
 # allow pre-mount hooks to stage mounts under /var/lib/lxc//
diff --git a/config/apparmor/profiles/lxc-default-with-nesting b/config/apparmor/profiles/lxc-default-with-nesting
index bd7078a84..66aa5fd7d 100644
--- a/config/apparmor/profiles/lxc-default-with-nesting
+++ b/config/apparmor/profiles/lxc-default-with-nesting
@@ -12,5 +12,5 @@ profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_de
 deny /dev/.lxc/sys/** rw,
 mount fstype=proc -> /var/cache/lxc/**,
 mount fstype=sysfs -> /var/cache/lxc/**,
- mount options=(rw,bind) /var/cache/lxc/**/dev/shm/ -> /var/cache/lxc/**/run/shm/,
+ mount options=(rw,bind),
 }
-- 
2.47.2
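Review bot: In config/apparmor/abstractions/start-container, the added rule `mount options=bind /dev/pts/** -> /dev/**,` is much wider than the ptmx rule directly above it: any entry under /dev/pts may be bind-mounted over any path under /dev while this abstraction applies, and nothing in the file says why. If the regression only concerns a known set of destinations (presumably the console and tty nodes; confirm against the mounts performed at container start), name those destinations instead of `/dev/**`. Either way, put a comment above the rule, for example `# older kernels: ptys from /dev/pts are bind-mounted onto device nodes under /dev`. The abstraction begins and ends outside this hunk, so any rule elsewhere that already narrows this could not be checked.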
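Review bot: In config/apparmor/profiles/lxc-default-with-nesting, the replacement `mount options=(rw,bind),` names neither a source nor a destination, so the profile now permits every read-write bind mount instead of only the /dev/shm to /run/shm one it allowed before. AppArmor file rules match on paths, so it is worth confirming that a rule such as `deny /dev/.lxc/sys/** rw,` earlier in this hunk still gives the intended protection once the same files can be bind-mounted to another location. If nesting really requires unrestricted bind mounts, record that next to the rule, for example `# nested containers bind-mount arbitrary paths; all rw bind mounts are allowed on purpose`; otherwise keep source and destination patterns on the rule. The opening lines of the profile are outside the hunk.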