bump version to 3.0.2+pve1-1
diff --git a/debian/patches/extra/0009-apparmor-update-current-profiles.patch b/debian/patches/extra/0009-apparmor-update-current-profiles.patch
deleted file mode 100644 (file)
index 5c0e7fd..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Wed, 25 Jul 2018 12:11:23 +0200
-Subject: [PATCH] apparmor: update current profiles
-
-remove cgmanager rules and add fstype=cgroup2 variants for
-the existing fstype=cgroup rules
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-(cherry picked from commit 6e6aca3e3e71ae0cfad69456acd1dc503feaf964)
----
- config/apparmor/abstractions/container-base.in    | 1 -
- config/apparmor/profiles/lxc-default-cgns         | 1 +
- config/apparmor/profiles/lxc-default-with-nesting | 1 +
- 3 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
-index 54f9ddf0..0844fdbb 100644
---- a/config/apparmor/abstractions/container-base.in
-+++ b/config/apparmor/abstractions/container-base.in
-@@ -84,7 +84,6 @@
-   mount fstype=sysfs -> /sys/,
-   deny /sys/firmware/efi/efivars/** rwklx,
-   deny /sys/kernel/security/** rwklx,
--  mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
-   mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,
-   # deny reads from debugfs
-diff --git a/config/apparmor/profiles/lxc-default-cgns b/config/apparmor/profiles/lxc-default-cgns
-index ff599ef8..f69eb994 100644
---- a/config/apparmor/profiles/lxc-default-cgns
-+++ b/config/apparmor/profiles/lxc-default-cgns
-@@ -9,4 +9,5 @@ profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
-   # the newinstance option (but, right now, we don't).
-   deny mount fstype=devpts,
-   mount fstype=cgroup -> /sys/fs/cgroup/**,
-+  mount fstype=cgroup2 -> /sys/fs/cgroup/**,
- }
-diff --git a/config/apparmor/profiles/lxc-default-with-nesting b/config/apparmor/profiles/lxc-default-with-nesting
-index 6e5745f9..cd198beb 100644
---- a/config/apparmor/profiles/lxc-default-with-nesting
-+++ b/config/apparmor/profiles/lxc-default-with-nesting
-@@ -11,4 +11,5 @@ profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_de
-   mount fstype=sysfs -> /var/cache/lxc/**,
-   mount options=(rw,bind),
-   mount fstype=cgroup -> /sys/fs/cgroup/**,
-+  mount fstype=cgroup2 -> /sys/fs/cgroup/**,
- }
--- 
-2.11.0
-