fix busybox template for use with AppArmor

Ensure /proc and /sys are mounted in the container, otherwise apparmor_enabled() will fail to find /sys/module/apparmor/parameters/enabled Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

fix busybox template for use with AppArmor
fefddf9f · Dwight Engen · Serge Hallyn · c944b920 · fefddf9f
Commit fefddf9f authored Oct 15, 2013 by Dwight Engen Committed by Serge Hallyn Oct 17, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

lxc-busybox.in templates/lxc-busybox.in +3 -1

No files found.
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -37,6 +37,7 @@ $rootfs/usr/bin \
 $rootfs/sbin \
 $rootfs/usr/sbin \
 $rootfs/proc \
+$rootfs/sys \
 $rootfs/mnt \
 $rootfs/tmp \
 $rootfs/var/log \
@@ -92,7 +93,6 @@ EOF

    # mount points
    cat <<EOF >> $rootfs/etc/fstab
-proc  /proc      proc    defaults     0      0
 shm   /dev/shm   tmpfs   defaults     0      0
 EOF

@@ -278,6 +278,8 @@ EOF
            echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
        fi
    done
+    echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
+    echo "lxc.mount.auto = proc:mixed sys" >>$path/config
 }

 usage()