From fefddf9f9f52616972a5b25549c250fd9f709ab4 Mon Sep 17 00:00:00 2001
From: Dwight Engen <dwight.engen@oracle.com>
Date: Tue, 15 Oct 2013 13:51:14 -0400
Subject: [PATCH] fix busybox template for use with AppArmor

Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
 templates/lxc-busybox.in | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 12059f70a..cbdaaf3cc 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -37,6 +37,7 @@ $rootfs/usr/bin \
 $rootfs/sbin \
 $rootfs/usr/sbin \
 $rootfs/proc \
+$rootfs/sys \
 $rootfs/mnt \
 $rootfs/tmp \
 $rootfs/var/log \
@@ -92,7 +93,6 @@ EOF
 
     # mount points
     cat <<EOF >> $rootfs/etc/fstab
-proc  /proc      proc    defaults     0      0
 shm   /dev/shm   tmpfs   defaults     0      0
 EOF
 
@@ -278,6 +278,8 @@ EOF
             echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
         fi
     done
+    echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
+    echo "lxc.mount.auto = proc:mixed sys" >>$path/config
 }
 
 usage()
-- 
2.47.2