Skip to content

  • Projects
  • Groups
  • Snippets
  • Help
  • This project
    • Loading...
  • Sign in / Register
L
lxc
  • Project
    • Overview
    • Details
    • Activity
    • Cycle Analytics
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Charts
  • Issues 0
    • Issues 0
    • List
    • Board
    • Labels
    • Milestones
  • Merge Requests 0
    • Merge Requests 0
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Charts
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Charts
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • Chen Yisong
  • lxc
  • Repository

Switch branch/tag
  • lxc
  • config
  • apparmor
  • abstractions
  • container-base
Find file
BlameHistoryPermalink
  • Wolfgang Bumiller's avatar
    apparmor: allow various remount,bind options · e6ec0a9e
    Wolfgang Bumiller authored Nov 15, 2018
    RW bind mounts need to be restricted for some paths in
    order to avoid MAC restriction bypasses, but read-only bind
    mounts shouldn't have that problem.
    
    Additionally, combinations of 'nosuid', 'nodev' and
    'noexec' flags shouldn't be a problem either and are
    required with newer systemd versions, so let's allow those
    as long as they're combined with 'ro,remount,bind'.
    Signed-off-by: 's avatarWolfgang Bumiller <w.bumiller@proxmox.com>
    e6ec0a9e
container-base 8.39 KB
EditWeb IDE
×

Replace container-base

Attach a file by drag & drop or click to upload


Cancel
A new branch will be created in your fork and a new merge request will be started.