AppArmor: add make-rslave to usr.bin.lxc-start

The profile already contains mount options=(rw, make-slave) -> **, Which allows going through all mountpoints with make-slave, so it seems to make sense to also allow the directly recursive variant with "make-rslave". Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

AppArmor: add make-rslave to usr.bin.lxc-start
05352fc9 · Wolfgang Bumiller · Stéphane Graber · 549a40b6 · 05352fc9
Commit 05352fc9 authored Jun 27, 2016 by Wolfgang Bumiller Committed by Stéphane Graber Jun 27, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

start-container config/apparmor/abstractions/start-container +1 -0

No files found.
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -15,6 +15,7 @@
  mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
  mount options=bind /dev/pts/** -> /dev/**,
  mount options=(rw, make-slave) -> **,
+  mount options=(rw, make-rslave) -> **,
  mount fstype=debugfs,
  # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
  mount -> /var/lib/lxc/{**,},