From 4ea0b361f1d0c7ce67523a59a7a834eb12f7b555 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@brickies.net>
Date: Fri, 24 Feb 2023 16:48:10 -0500
Subject: [PATCH] Allow fuse mounts in apparmor start-container.

Unprivledged user should be able to do fuse mounts during start-container.
Specifically this solves the problem for un-priv fuse mounting via
pre-hook.

Signed-off-by: Scott Moser <smoser@brickies.net>
---
 config/apparmor/abstractions/start-container.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in
index 59dcb69ab..4acb1410f 100644
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@@ -20,6 +20,7 @@
   mount options=(rw, make-shared) -> **,
   mount options=(rw, make-rshared) -> **,
   mount fstype=debugfs,
+  mount fstype=fuse.*,
   # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
   mount -> /var/lib/lxc/{**,},
 
-- 
2.47.2