]> git.proxmox.com Git - mirror_lxc.git/commitdiff
projects / mirror_lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6a814f4)
Revert "allow cgroupfs mounts under /sys/fs/cgroup"
authorStéphane Graber <stgraber@ubuntu.com>
Mon, 7 Mar 2016 20:00:05 +0000 (15:00 -0500)
committerStéphane Graber <stgraber@ubuntu.com>
Mon, 7 Mar 2016 20:00:05 +0000 (15:00 -0500)
This reverts commit 833bf9c2b29ff03cb5e5e1db089d25757f4a2647.

This change wasn't actually safe and is now superseded by the cgns profile.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
config/apparmor/abstractions/container-base.in patch | blob | blame | history

diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
index 2a3969b9f27298062a4d0edcea5ccff610d4be0f..2237a477cadcc599b449da490c83a4a9dc7986c2 100644 (file)
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -91,6 +91,5 @@
   deny /sys/firmware/efi/efivars/** rwklx,
   deny /sys/kernel/security/** rwklx,
   mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
-  mount fstype=cgroup -> /sys/fs/cgroup/**,
   mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,
 
LXC mirror