Revert "allow cgroupfs mounts under /sys/fs/cgroup"

This reverts commit 833bf9c2. This change wasn't actually safe and is now superseded by the cgns profile. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Revert "allow cgroupfs mounts under /sys/fs/cgroup"
eab570bc · Stéphane Graber · 6a814f48 · eab570bc
Commit eab570bc authored Mar 07, 2016 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 1 deletion

container-base.in config/apparmor/abstractions/container-base.in +0 -1

No files found.
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -91,6 +91,5 @@
  deny /sys/firmware/efi/efivars/** rwklx,
  deny /sys/kernel/security/** rwklx,
  mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
-  mount fstype=cgroup -> /sys/fs/cgroup/**,
  mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,