Add lxc.aa_profile example to all templates

LXC has optional apparmor support, default profile is lxc-container-default. This change adds a commented "lxc.aa_profile = default" line to all templates, uncommenting this will bypass apparmor for the container. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add lxc.aa_profile example to all templates
f02ce27d · Stéphane Graber · 33f3de4e · f02ce27d · f02ce27d · f02ce27d
Commit f02ce27d authored Aug 29, 2012 by Stéphane Graber
10 changed files
--- a/templates/lxc-altlinux.in
+++ b/templates/lxc-altlinux.in
@@ -245,6 +245,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 #networking
 lxc.network.type = $lxc_network_type
 lxc.network.flags = up

--- a/templates/lxc-archlinux.in
+++ b/templates/lxc-archlinux.in
@@ -224,6 +224,10 @@ lxc.tty=4
 lxc.pts=1024
 lxc.rootfs=${rootfs_path}
 lxc.mount=${config_path}/fstab
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 #networking
 lxc.network.type=${lxc_network_type}
 lxc.network.flags=up

--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -233,6 +233,9 @@ lxc.utsname = $name
 lxc.tty = 1
 lxc.pts = 1
 lxc.rootfs = $rootfs
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 EOF
 if [ -d "$rootfs/lib" ]; then

--- a/templates/lxc-debian.in
+++ b/templates/lxc-debian.in
@@ -205,6 +205,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.utsname = $hostname
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm

--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -237,6 +237,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 #networking
 lxc.network.type = $lxc_network_type
 lxc.network.flags = up

--- a/templates/lxc-lenny.in
+++ b/templates/lxc-lenny.in
@@ -183,6 +183,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.cgroup.devices.deny = a
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm

--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -262,6 +262,9 @@ lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm

--- a/templates/lxc-sshd.in
+++ b/templates/lxc-sshd.in
@@ -101,6 +101,10 @@ cat <<EOF >> $path/config
 lxc.utsname = $name
 lxc.pts = 1024
 lxc.rootfs = $rootfs
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 lxc.mount.entry=/dev dev none ro,bind 0 0
 lxc.mount.entry=/lib lib none ro,bind 0 0
 lxc.mount.entry=/bin bin none ro,bind 0 0

--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -57,6 +57,9 @@ lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin
 lxc.pivotdir = lxc_putold
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
 lxc.cgroup.devices.allow = c *:* m

--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -315,6 +315,9 @@ lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin mac_override
 lxc.pivotdir = lxc_putold
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
 lxc.cgroup.devices.allow = c *:* m