config/apparmor/profiles/lxc-default-with-mounting

   1 # Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
   2 # will source all profiles under /etc/apparmor.d/lxc
   3
   4 profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
   5   #include <abstractions/lxc/container-base>
   6
   7 # allow standard blockdevtypes.
   8 # The concern here is in-kernel superblock parsers bringing down the
   9 # host with bad data.  However, we continue to disallow proc, sys, securityfs,
  10 # etc to nonstandard locations.
  11   mount fstype=ext*,
  12   mount fstype=xfs,
  13   mount fstype=btrfs,
  14 }