~smoser/ubuntu/quantal/lxc/lp-1066084

« back to all changes in this revision

Viewing changes to debian/apparmor/abstractions-lxc-start-container.in

  • Committer: Stéphane Graber
  • Date: 2012-09-13 15:04:28 UTC
  • Revision ID: stgraber@ubuntu.com-20120913150428-1lqw7ur4fre1yybq
Allow /usr/lib/*/lxc in lxc-start-container instead of relying on multi-arch path

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
  network,
2
 
  capability,
3
 
  file,
4
 
 
5
 
  # currently blocked by apparmor bug
6
 
  mount -> /usr/lib/@DEB_HOST_MULTIARCH@/lxc/{**,},
7
 
  mount fstype=devpts -> /dev/pts/,
8
 
  mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
9
 
  mount fstype=debugfs,
10
 
 
11
 
  # required for some pre-mount hooks (like the new lxc-start-ephemeral)
12
 
  mount fstype=overlayfs,
13
 
  mount fstype=aufs,
14
 
  mount fstype=ecryptfs,
15
 
 
16
 
  # all umounts are under the original root's /mnt, but right now we
17
 
  # can't allow those umounts after pivot_root.  So allow all umounts
18
 
  # right now.  They'll be restricted for the container at least.
19
 
  umount,
20
 
  #umount /mnt/{**,},
21
 
 
22
 
  pivot_root /usr/lib/@DEB_HOST_MULTIARCH@/lxc/,
23
 
 
24
 
  change_profile -> lxc-*,
25
 
  change_profile -> unconfined,