Add lxc.aa_profile example to all templates

LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index f6e8b5a9ae15eff1fb6a604c94bc3cb5f6df81c8..581074cae0e1b1cfb883a2a51093c057b5ce8b24 100644 (file)
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -233,6 +233,9 @@ cat <<EOF >> $path/config
 lxc.utsname = $name
 lxc.tty = 1
 lxc.pts = 1
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 EOF
 
 if [ -d "$rootfs/lib" ]; then