fix busybox template for use with AppArmor

Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 12059f70a5b196025c8492a871bb93f4edf23025..cbdaaf3ccba1f6adfbbd2b5f345abc2f334cba36 100644 (file)
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -37,6 +37,7 @@ $rootfs/usr/bin \
 $rootfs/sbin \
 $rootfs/usr/sbin \
 $rootfs/proc \
+$rootfs/sys \
 $rootfs/mnt \
 $rootfs/tmp \
 $rootfs/var/log \
@@ -92,7 +93,6 @@ EOF
 
     # mount points
     cat <<EOF >> $rootfs/etc/fstab
-proc  /proc      proc    defaults     0      0
 shm   /dev/shm   tmpfs   defaults     0      0
 EOF
 
@@ -278,6 +278,8 @@ EOF
             echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
         fi
     done
+    echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
+    echo "lxc.mount.auto = proc:mixed sys" >>$path/config
 }
 
 usage()