]> git.proxmox.com Git - mirror_lxc.git/commit
projects / mirror_lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 72be4f8) | patch
Introduce apparmor support
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Tue, 31 Jul 2012 14:04:33 +0000 (16:04 +0200)
committerDaniel Lezcano <daniel.lezcano@free.fr>
Tue, 31 Jul 2012 14:04:33 +0000 (16:04 +0200)
commite075f5d9b64175dad6e591e3f1d05a8434c4699f
treec9ec5492bad0a64563efae9d6dfc569a937977eetree
parent72be4f89b0564bbecab3c5dc934197aefcecccc3commit | diff
Introduce apparmor support

This could be done as generic 'lsm_init()' and 'lsm_load()' functions,
however that would make it impossible to compile one package supporting
more than one lsm.  If we explicitly add the selinux, smack, and aa
hooks in the source, then one package can be built to support multiple
kernels.

The smack support should be pretty trivial, and probably very close
to the apparmor support.

The selinux support may require more, including labeling the passed-in
fds (consoles etc) and filesystems.

If someone on the list has the inclination and experience to add selinux
support, please let me know.  Otherwise, I'll do Smack and SELinux.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
configure.ac diff | blob | blame | history
src/lxc/Makefile.am diff | blob | blame | history
src/lxc/apparmor.c [new file with mode: 0644] blob
src/lxc/apparmor.h [new file with mode: 0644] blob
src/lxc/conf.c diff | blob | blame | history
src/lxc/conf.h diff | blob | blame | history
src/lxc/confile.c diff | blob | blame | history
src/lxc/start.c diff | blob | blame | history
src/lxc/start.h diff | blob | blame | history
LXC mirror