Commit fefddf9f by Dwight Engen Committed by Serge Hallyn

fix busybox template for use with AppArmor

Ensure /proc and /sys are mounted in the container, otherwise apparmor_enabled() will fail to find /sys/module/apparmor/parameters/enabled

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
parent c944b920
...@@ -37,6 +37,7 @@ $rootfs/usr/bin \ ...@@ -37,6 +37,7 @@ $rootfs/usr/bin \
$rootfs/sbin \ $rootfs/sbin \
$rootfs/usr/sbin \ $rootfs/usr/sbin \
$rootfs/proc \ $rootfs/proc \
$rootfs/sys \
$rootfs/mnt \ $rootfs/mnt \
$rootfs/tmp \ $rootfs/tmp \
$rootfs/var/log \ $rootfs/var/log \
...@@ -92,7 +93,6 @@ EOF ...@@ -92,7 +93,6 @@ EOF
# mount points # mount points
cat <<EOF >> $rootfs/etc/fstab cat <<EOF >> $rootfs/etc/fstab
proc /proc proc defaults 0 0
shm /dev/shm tmpfs defaults 0 0 shm /dev/shm tmpfs defaults 0 0
EOF EOF
...@@ -278,6 +278,8 @@ EOF ...@@ -278,6 +278,8 @@ EOF
echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
fi fi
done done
echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
echo "lxc.mount.auto = proc:mixed sys" >>$path/config
} }
usage() usage()
......
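Review bot: The `/sys/kernel/security` bind entry added in the last hunk is written unconditionally and without the `optional` mount flag, so on a host where that directory does not exist (for example a kernel built without securityfs) the container would presumably fail to start even when AppArmor is not in use. If the targeted LXC version supports it, prefer `echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0" >>$path/config`. The entry also makes the host's securityfs (LSM policy state) visible read-only inside every busybox container. A one-line comment above it should say which consumer needs it, because the commit message only explains the need for `/sys/module/apparmor/parameters/enabled`, which the `sys` auto-mount already covers. The enclosing function starts outside the hunk, so whether `$path` is validated before these redirections cannot be seen from here.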