doc: s/aa_profile/apparmor.profile/g

Signed-off-by: Long Wang <w@laoqinren.net>

doc: s/aa_profile/apparmor.profile/g
a1d5fdfd · Long Wang · 69e38e00 · a1d5fdfd · a1d5fdfd · a1d5fdfd
Commit a1d5fdfd authored Jul 12, 2017 by Long Wang
18 changed files
--- a/config/templates/debian.common.conf.in
+++ b/config/templates/debian.common.conf.in
@@ -7,12 +7,12 @@ lxc.tty.dir =
 # When using LXC with apparmor, the container will be confined by default.
 # If you wish for it to instead run unconfined, copy the following line
 # (uncommented) to the container's configuration file.
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 # If you wish to allow mounting block filesystems, then use the following
 # line instead, and make sure to grant access to the block device and/or loop
 # devices below in lxc.cgroup.devices.allow.
-#lxc.aa_profile = lxc-container-default-with-mounting
+#lxc.apparmor.profile = lxc-container-default-with-mounting
 # Extra cgroup device access
 ## rtc

--- a/config/templates/nesting.conf.in
+++ b/config/templates/nesting.conf.in
 # Use a profile which allows nesting
-lxc.aa_profile = lxc-container-default-with-nesting
+lxc.apparmor.profile = lxc-container-default-with-nesting
 # Add uncovered mounts of proc and sys, else unprivileged users
 # cannot remount those

--- a/config/templates/ubuntu.common.conf.in
+++ b/config/templates/ubuntu.common.conf.in
@@ -10,7 +10,7 @@ lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
 # When using LXC with apparmor, the container will be confined by default.
 # If you wish for it to instead run unconfined, copy the following line
 # (uncommented) to the container's configuration file.
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 # Uncomment the following line to autodetect squid-deb-proxy configuration on the
 # host and forward it to the guest at start time.
@@ -19,7 +19,7 @@ lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
 # If you wish to allow mounting block filesystems, then use the following
 # line instead, and make sure to grant access to the block device and/or loop
 # devices below in lxc.cgroup.devices.allow.
-#lxc.aa_profile = lxc-container-default-with-mounting
+#lxc.apparmor.profile = lxc-container-default-with-mounting
 # Extra cgroup device access
 ## rtc

--- a/doc/ja/lxc.container.conf.sgml.in
+++ b/doc/ja/lxc.container.conf.sgml.in
@@ -1690,7 +1690,7 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
      <variablelist>
        <varlistentry>
          <term>
-            <option>lxc.aa_profile</option>
+            <option>lxc.apparmor.profile</option>
          </term>
          <listitem>
            <para>
@@ -1702,7 +1702,7 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
              コンテナが従うべき apparmor プロファイルを指定します。
              コンテナが apparmor による制限を受けないように設定するには、以下のように設定します。
            </para>
-              <programlisting>lxc.aa_profile = unconfined</programlisting>
+              <programlisting>lxc.apparmor.profile = unconfined</programlisting>
            <para>
              <!--
              If the apparmor profile should remain unchanged (i.e. if you
@@ -1710,7 +1710,7 @@ by KATOH Yasufumi <karma at jazz.email.ne.jp>
              -->
              もし apparmor プロファイルが変更されないままでなくてはならない場合 (ネストしたコンテナである場合や、すでに confined されている場合) は以下のように設定します。
            </para>
-              <programlisting>lxc.aa_profile = unchanged</programlisting>
+              <programlisting>lxc.apparmor.profile = unchanged</programlisting>
          </listitem>
        </varlistentry>
        <varlistentry>

--- a/doc/ko/lxc.container.conf.sgml.in
+++ b/doc/ko/lxc.container.conf.sgml.in
@@ -1630,7 +1630,7 @@ proc proc proc nodev,noexec,nosuid 0 0
      <variablelist>
 	<varlistentry>
 	  <term>
-	    <option>lxc.aa_profile</option>
+	    <option>lxc.apparmor.profile</option>
 	  </term>
 	  <listitem>
 	    <para>
@@ -1642,7 +1642,7 @@ proc proc proc nodev,noexec,nosuid 0 0
              컨테이너가 따라야할 apparmor 프로파일을 지정한다.
              컨테이너가 apparmor로 인한 제한을 받지 않도록 하려면, 아래와 같이 지정하면 된다.
 	    </para>
-	      <programlisting>lxc.aa_profile = unconfined</programlisting>
+	      <programlisting>lxc.apparmor.profile = unconfined</programlisting>
            <para>
 	      <!--
              If the apparmor profile should remain unchanged (i.e. if you
@@ -1650,7 +1650,7 @@ proc proc proc nodev,noexec,nosuid 0 0
 	      -->
              apparmor 프로파일이 변경되지 않아야 한다면(중첩 컨테이너 안에 있고, 이미 confined된 경우), 아래와 같이 지정하면 된다.
            </para>
-              <programlisting>lxc.aa_profile = unchanged</programlisting>
+              <programlisting>lxc.apparmor.profile = unchanged</programlisting>
 	  </listitem>
 	</varlistentry>
 	<varlistentry>

--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1224,7 +1224,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      <variablelist>
        <varlistentry>
          <term>
-            <option>lxc.aa_profile</option>
+            <option>lxc.apparmor.profile</option>
          </term>
          <listitem>
            <para>
@@ -1232,12 +1232,12 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
              be run.  To specify that the container should be unconfined,
              use
            </para>
-              <programlisting>lxc.aa_profile = unconfined</programlisting>
+              <programlisting>lxc.apparmor.profile = unconfined</programlisting>
            <para>
              If the apparmor profile should remain unchanged (i.e. if you
 	      are nesting containers and are already confined), then use
            </para>
-              <programlisting>lxc.aa_profile = unchanged</programlisting>
+              <programlisting>lxc.apparmor.profile = unchanged</programlisting>
          </listitem>
        </varlistentry>
        <varlistentry>

--- a/src/tests/attach.c
+++ b/src/tests/attach.c
@@ -55,7 +55,7 @@ static void test_lsm_detect(void)
 			lsm_label      = "unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023";
 		}
 		else if (!strcmp(lsm_name(), "AppArmor")) {
-			lsm_config_key = "lxc.aa_profile";
+			lsm_config_key = "lxc.apparmor.profile";
 			if (file_exists("/proc/self/ns/cgroup"))
 				lsm_label      = "lxc-container-default-cgns";
 			else

--- a/src/tests/lxc-test-apparmor-mount
+++ b/src/tests/lxc-test-apparmor-mount
@@ -170,7 +170,7 @@ fi
 run_cmd lxc-stop -n $cname -k
 echo "test regular unconfined container"
-echo "lxc.aa_profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
+echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
 run_cmd lxc-start -n $cname -d
 run_cmd lxc-wait -n $cname -s RUNNING
 pid=`run_cmd lxc-info -p -H -n $cname`
@@ -185,7 +185,7 @@ echo "masking $MOUNTSR"
 mount --bind $dnam $MOUNTSR
 echo "test default confined container"
-sed -i '/aa_profile/d' $HDIR/.local/share/lxc/$cname/config
+sed -i '/apparmor.profile/d' $HDIR/.local/share/lxc/$cname/config
 run_cmd lxc-start -n $cname -d || true
 sleep 3
 pid=`run_cmd lxc-info -p -H -n $cname` || true
@@ -196,7 +196,7 @@ if [ -n "$pid" -a "$pid" != "-1" ]; then
 fi
 echo "test regular unconfined container"
-echo "lxc.aa_profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
+echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
 run_cmd lxc-start -n $cname -d
 run_cmd lxc-wait -n $cname -s RUNNING
 pid=`run_cmd lxc-info -p -H -n $cname`
@@ -212,7 +212,7 @@ fi
 run_cmd lxc-stop -n $cname -k
 echo "testing override"
-sed -i '/aa_profile/d' $HDIR/.local/share/lxc/$cname/config
+sed -i '/apparmor.profile/d' $HDIR/.local/share/lxc/$cname/config
 echo "lxc.apparmor.allow_incomplete = 1" >> $HDIR/.local/share/lxc/$cname/config
 run_cmd lxc-start -n $cname -d
 run_cmd lxc-wait -n $cname -s RUNNING

--- a/templates/lxc-altlinux.in
+++ b/templates/lxc-altlinux.in
@@ -282,7 +282,7 @@ lxc.pty.max = 1024
 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 #networking
 #lxc.net.0.type = $lxc_network_type

--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -349,7 +349,7 @@ lxc.pty.max = 1
 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
 lxc.mount.entry = shm /dev/shm tmpfs defaults 0 0

--- a/templates/lxc-centos.in
+++ b/templates/lxc-centos.in
@@ -644,7 +644,7 @@ lxc.arch = $arch
 lxc.uts.name = $utsname
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 # example simple networking setup, uncomment to enable
 #lxc.net.0.type = $lxc_network_type

--- a/templates/lxc-cirros.in
+++ b/templates/lxc-cirros.in
@@ -128,7 +128,7 @@ lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
 lxc.cgroup.devices.deny = a

--- a/templates/lxc-fedora-legacy.in
+++ b/templates/lxc-fedora-legacy.in
@@ -1130,7 +1130,7 @@ lxc.arch = $arch
 lxc.uts.name = $utsname
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 # example simple networking setup, uncomment to enable
 #lxc.net.0.type = $lxc_network_type

--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -489,7 +489,7 @@ lxc.arch = ${basearch}
 lxc.uts.name = ${utsname}
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 # example simple networking setup, uncomment to enable
 #lxc.net.0.type = ${lxc_network_type}

--- a/templates/lxc-openmandriva.in
+++ b/templates/lxc-openmandriva.in
@@ -235,7 +235,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 #networking
 lxc.net.0.type = $lxc_network_type

--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -355,7 +355,7 @@ lxc.uts.name = $name
 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-lxc.aa_profile = unconfined
+lxc.apparmor.profile = unconfined
 # example simple networking setup, uncomment to enable
 #lxc.net.0.type = $lxc_network_type

--- a/templates/lxc-pld.in
+++ b/templates/lxc-pld.in
@@ -248,7 +248,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 lxc.autodev = $auto_dev
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 ## Devices
 # Allow all devices

--- a/templates/lxc-sshd.in
+++ b/templates/lxc-sshd.in
@@ -134,7 +134,7 @@ lxc.pty.max = 1024
 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 lxc.mount.entry = /dev dev none ro,bind 0 0
 lxc.mount.entry = /lib lib none ro,bind 0 0