git.proxmox.com Git - mirror

]> git.proxmox.com Git - mirror_lxc.git/commit

author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Tue, 8 Mar 2016 03:10:58 +0000 (19:10 -0800)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Tue, 8 Mar 2016 03:10:58 +0000 (19:10 -0800)
commit	537188a8eefd6df82995e71f453fce4d6622b110
tree	5167f19861a95e3481f4b157d823c5eb4b99f982	tree
parent	215486610e2b6ca08ec2dfe5dbf5de834c554ac8	commit \| diff

prevent containers from reading /sys/kernel/debug

Unprivileged containers cannot read it anyway, but also prevent root
owned containers from doing so. Sadly upstart's mountall won't run
if we try to prevent it from being mounted at all.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

config/apparmor/abstractions/container-base		diff \| blob \| blame \| history
config/apparmor/abstractions/container-base.in		diff \| blob \| blame \| history

LXC mirror

RSS Atom