Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled
Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
---
templates/lxc-busybox.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 12059f7..cbdaaf3 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -37,6 +37,7 @@ $rootfs/usr/bin \
$rootfs/sbin \
$rootfs/usr/sbin \
$rootfs/proc \
+$rootfs/sys \
$rootfs/mnt \
$rootfs/tmp \
$rootfs/var/log \
@@ -92,7 +93,6 @@ EOF
# mount points
cat <<EOF >> $rootfs/etc/fstab
-proc /proc proc defaults 0 0
shm /dev/shm tmpfs defaults 0 0
EOF
@@ -278,6 +278,8 @@ EOF
echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >>
$path/config
fi
done
+ echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none
ro,bind 0 0" >>$path/config
+ echo "lxc.mount.auto = proc:mixed sys" >>$path/config
}
usage()
--
1.8.3.1
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
