apparmor: Allow /usr/lib* paths for mount and pivot_root

openSUSE Leap 15 is using --libdir=/usr/lib64 when building for x86_64 so we need to allow this path in the apparmor profiles. Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1099239Signed-off-by: Markos Chandras <mchandras@suse.de>

apparmor: Allow /usr/lib* paths for mount and pivot_root
9748d3f1 · Markos Chandras · Christian Brauner · 53c1c865 · 9748d3f1
Unverified Commit 9748d3f1 authored Jul 19, 2018 by Markos Chandras Committed by Christian Brauner Jul 24, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

start-container config/apparmor/abstractions/start-container +6 -6

No files found.
--- a/config/apparmor/abstractions/start-container
+++ b/config/apparmor/abstractions/start-container
@@ -9,8 +9,8 @@
  ptrace,

  # currently blocked by apparmor bug
-  mount -> /usr/lib/*/lxc/{**,},
-  mount -> /usr/lib/lxc/{**,},
+  mount -> /usr/lib*/*/lxc/{**,},
+  mount -> /usr/lib*/lxc/{**,},
  mount fstype=devpts -> /dev/pts/,
  mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
  mount options=bind /dev/pts/** -> /dev/**,
@@ -34,10 +34,10 @@
  # This may look a bit redundant, however it appears we need all of
  # them if we want things to work properly on all combinations of kernel
  # and userspace parser...
-  pivot_root /usr/lib/lxc/,
-  pivot_root /usr/lib/*/lxc/,
-  pivot_root /usr/lib/lxc/**,
-  pivot_root /usr/lib/*/lxc/**,
+  pivot_root /usr/lib*/lxc/,
+  pivot_root /usr/lib*/*/lxc/,
+  pivot_root /usr/lib*/lxc/**,
+  pivot_root /usr/lib*/*/lxc/**,

  change_profile -> lxc-*,
  change_profile -> unconfined,