Re: [lxc-devel] [PATCH 1/3] fix busybox template for use with AppArmor

Wed, 16 Oct 2013 10:02:29 -0700 

Quoting Dwight Engen (dwight.en...@oracle.com):
> Ensure /proc and /sys are mounted in the container, otherwise
> apparmor_enabled() will fail to find
> /sys/module/apparmor/parameters/enabled
> 
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>

Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

> ---
>  templates/lxc-busybox.in | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
> index 12059f7..cbdaaf3 100644
> --- a/templates/lxc-busybox.in
> +++ b/templates/lxc-busybox.in
> @@ -37,6 +37,7 @@ $rootfs/usr/bin \
>  $rootfs/sbin \
>  $rootfs/usr/sbin \
>  $rootfs/proc \
> +$rootfs/sys \
>  $rootfs/mnt \
>  $rootfs/tmp \
>  $rootfs/var/log \
> @@ -92,7 +93,6 @@ EOF
>  
>      # mount points
>      cat <<EOF >> $rootfs/etc/fstab
> -proc  /proc      proc    defaults     0      0
>  shm   /dev/shm   tmpfs   defaults     0      0
>  EOF
>  
> @@ -278,6 +278,8 @@ EOF
>              echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> 
> $path/config
>          fi
>      done
> +    echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none 
> ro,bind 0 0" >>$path/config
> +    echo "lxc.mount.auto = proc:mixed sys" >>$path/config
>  }
>  
>  usage()
> -- 
> 1.8.3.1
> 
> 
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to