felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

apparmor.d -> profiles

Browse source
This commit is contained in:
Alexandre Pujol 2021-04-01 16:02:59 +01:00
parent c408a878b7
commit e9b8e62fcd
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
726 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
profiles/lxc/lxc-default-with-nesting Normal file
View file

@ -0,0 +1,15 @@
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_deleted) {
include <abstractions/lxc/container-base>
include <abstractions/lxc/start-container>
deny /dev/.lxc/proc/** rw,
deny /dev/.lxc/sys/** rw,
mount fstype=proc -> /var/cache/lxc/**,
mount fstype=sysfs -> /var/cache/lxc/**,
mount options=(rw,bind),
mount fstype=cgroup -> /sys/fs/cgroup/**,
mount fstype=cgroup2 -> /sys/fs/cgroup/**,
}