apparmor: support lxc.ttydir when bind-mounting ptys

Because we now create the ttys from inside the container, we had to add an apparmor rule for start-container to bind-mount /dev/pts/** -> /dev/tty*/. However that's not sufficient if the container sets lxc.ttydir, in which case we need to support mounting onto files in subdirs of /dev. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

apparmor: support lxc.ttydir when bind-mounting ptys
1b0c1746 · Serge Hallyn · Stéphane Graber · ae0aeade · 1b0c1746
Commit 1b0c1746 authored Jan 29, 2015 by Serge Hallyn Committed by Stéphane Graber Jan 30, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

start-container config/apparmor/abstractions/start-container +1 -1

No files found.
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -13,7 +13,7 @@
  mount -> /usr/lib/lxc/{**,},
  mount fstype=devpts -> /dev/pts/,
  mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
-  mount options=bind /dev/pts/** -> /dev/tty*/,
+  mount options=bind /dev/pts/** -> /dev/**,
  mount options=(rw, make-slave) -> **,
  mount fstype=debugfs,
  # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/