]> git.proxmox.com Git - mirror_lxc.git/commit - configure.ac
projects / mirror_lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3a0abb3) | patch
refactor AppArmor into LSM backend, add SELinux support
authorDwight Engen <dwight.engen@oracle.com>
Tue, 24 Sep 2013 15:13:02 +0000 (11:13 -0400)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Wed, 25 Sep 2013 22:12:36 +0000 (17:12 -0500)
commitfe4de9a66d112cb9ddd5977dcce075323f29a39a
treec49dc5ad5eb66ae1fdef16997a513614ca41500dtree
parent3a0abb3aa21dda3679f4353926ebdd4c51ea0d0fcommit | diff
refactor AppArmor into LSM backend, add SELinux support

Currently, a maximum of one LSM within LXC will be initialized and
used. If in the future stacked LSMs become a reality, we can support it
without changing the configuration syntax and add support for more than
a single LSM at a time to the lsm code.

Generic LXC code should note that lsm_process_label_set() will take
effect "now" for AppArmor, and upon exec() for SELinux.

- fix Oracle template mounting of proc and sysfs, needed when using SELinux

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
18 files changed:
configure.ac diff | blob | blame | history
doc/lxc.conf.sgml.in diff | blob | blame | history
src/lxc/Makefile.am diff | blob | blame | history
src/lxc/apparmor.c [deleted file] blob | blame | history
src/lxc/apparmor.h [deleted file] blob | blame | history
src/lxc/attach.c diff | blob | blame | history
src/lxc/attach.h diff | blob | blame | history
src/lxc/conf.c diff | blob | blame | history
src/lxc/conf.h diff | blob | blame | history
src/lxc/confile.c diff | blob | blame | history
src/lxc/lsm/apparmor.c [new file with mode: 0644] blob
src/lxc/lsm/lsm.c [new file with mode: 0644] blob
src/lxc/lsm/lsm.h [new file with mode: 0644] blob
src/lxc/lsm/nop.c [new file with mode: 0644] blob
src/lxc/lsm/selinux.c [new file with mode: 0644] blob
src/lxc/start.c diff | blob | blame | history
src/lxc/start.h diff | blob | blame | history
templates/lxc-oracle.in diff | blob | blame | history
LXC mirror