Skip to content

L
lxc
Commit 64b4c7a3 by Martin Pitt
Options

apparmor: Fix slave bind mounts

The permission to make a mount "slave" is spelt "make-slave", not "slave", see https://launchpad.net/bugs/1401619. Also, we need to make all mounts slave, not just the root dir. https://launchpad.net/bugs/1350947
parent 97a8f74f
Showing with 1 addition and 1 deletion
config/apparmor/abstractions/start-container
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
mount -> /usr/lib/lxc/{**,}, mount -> /usr/lib/lxc/{**,},
mount fstype=devpts -> /dev/pts/, mount fstype=devpts -> /dev/pts/,
mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
mount options=(rw, slave) -> /, mount options=(rw, make-slave) -> **,
mount fstype=debugfs, mount fstype=debugfs,
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/ # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
mount -> /var/lib/lxc/{**,}, mount -> /var/lib/lxc/{**,},
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment