apparmor.d -> profiles
This commit is contained in:
Alexandre Pujol
parent
c408a878b7
commit
e9b8e62fcd
726 changed files with 0 additions and 0 deletions
14
profiles/lxc/lxc-default-with-mounting
Normal file
14
profiles/lxc/lxc-default-with-mounting
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
|
||||
# will source all profiles under /etc/apparmor.d/lxc
|
||||
|
||||
profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
|
||||
include <abstractions/lxc/container-base>
|
||||
|
||||
# allow standard blockdevtypes.
|
||||
# The concern here is in-kernel superblock parsers bringing down the
|
||||
# host with bad data. However, we continue to disallow proc, sys, securityfs,
|
||||
# etc to nonstandard locations.
|
||||
mount fstype=ext*,
|
||||
mount fstype=xfs,
|
||||
mount fstype=btrfs,
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue