projects / lxc.git / blame
| Commit | Line | Data |
|---|---|---|
| 2d8021b3 WB |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 2 | From: Wolfgang Bumiller <w.bumiller@proxmox.com> | |
| 3 | Date: Tue, 24 Jul 2018 16:42:26 +0200 | |
| 4 | Subject: [PATCH] apparmor: allow start-container to change to lxc-** | |
| 5 | ||
| 6 | For generated profiles with apparmor namespaces we get | |
| 7 | profile names with slashes in them. To match those, we need | |
| 8 | to allow changing to lxc-**, not just lxc-*. | |
| 9 | ||
| 10 | Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> | |
| 11 | (cherry picked from commit 242a9fa7ee7e9f524de5a23917faa846ea525622) | |
| 12 | --- | |
| 13 | config/apparmor/abstractions/start-container | 1 + | |
| 14 | 1 file changed, 1 insertion(+) | |
| 15 | ||
| 16 | diff --git a/config/apparmor/abstractions/start-container b/config/apparmor/abstractions/start-container | |
| 17 | index 414d058b..3df9883e 100644 | |
| 18 | --- a/config/apparmor/abstractions/start-container | |
| 19 | +++ b/config/apparmor/abstractions/start-container | |
| 20 | @@ -40,5 +40,6 @@ | |
| 21 | pivot_root /usr/lib*/*/lxc/**, | |
| 22 | ||
| 23 | change_profile -> lxc-*, | |
| 24 | + change_profile -> lxc-**, | |
| 25 | change_profile -> unconfined, | |
| 26 | change_profile -> :lxc-*:unconfined, | |
| 27 | -- | |
| 28 | 2.11.0 | |
| 29 |