~ubuntu-branches/ubuntu/quantal/lxc/quantal-proposed


Viewing changes to debian/local/lxc-aa-custom-profile

  • Committer: Package Import Robot
  • Author(s): Stéphane Graber, Serge Hallyn, Stéphane Graber
  • Date: 2012-06-25 01:34:12 UTC
  • Revision ID: package-import@ubuntu.com-20120625013412-y72y0r5r6i4t9rhg
Tags: 0.8.0~rc1-4ubuntu15
[ Serge Hallyn ]
* Add 'lxc-aa-custom-profile' command to make it easier to start using a
  custom profile for a container.

[ Stéphane Graber ]
* Update apparmor profiles to fix nesting:
  - Allow fstype=cgroup mounts for lxc-default-with-nesting
  - Only prevent mounting devpts for lxc-default and not
    in lxc-default-with-nesting as it's required to spawn containers.

 
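--- a/debian/local/lxc-aa-custom-profile
+++ b/debian/local/lxc-aa-custom-profile
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+set -e
+
+_OPTIONS="$(getopt -o n: -l name: -- "${@}")"
+
+if [ "${?}" -ne 0 ]
+then
+        echo "Usage: $(basename ${0}) -n|--name CONTAINER" >&2
+        echo "  creates a custom profile (copied from the default) for CONTAINER"
+        exit 1
+fi
+
+eval set -- "${_OPTIONS}"
+
+while true
+do
+        case "${1}" in
+                -n|--name)
+                        _CONTAINER="${2}"
+                        shift 2
+                        ;;
+
+                --)
+                        shift
+                        break
+                        ;;
+
+                *)
+                        echo "E: $(basename ${0}): internal error ${0}" >&2
+                        exit 1
+                        ;;
+        esac
+done
+
+if [ `id -u` -ne 0 ]; then
+        echo "E: $(basename ${0}): must run with privilege"
+        exit 1
+fi
+
+if [ -z "${_CONTAINER}" ]
+then
+        echo "E: $(basename ${0}): missing container name, use --name option" >&2
+        exit 1
+fi
+
+if [ ! -f /var/lib/lxc/${_CONTAINER}/config ]; then
+        echo "E: $(basename ${0}): /var/lib/lxc/${_CONTAINER}/config - no such file"
+        exit 1
+fi
+
+profile="lxc-${_CONTAINER}"
+if [ -f /etc/apparmor.d/lxc/${profile} ]; then
+        echo "E: $(basename ${0}): custom profile already exists"
+        exit 1
+fi
+
+if [ ! -f /etc/apparmor.d/lxc/lxc-default ]; then
+        echo "E: $(basename ${0}): default profile does not exist!"
+        exit 1
+fi
+
+cp -f /etc/apparmor.d/lxc/lxc-default /etc/apparmor.d/lxc/${profile}
+sed -i "s/profile lxc-container-default/profile ${profile}/" /etc/apparmor.d/lxc/${profile}
+
+sed -i '/lxc.aa_profile/d' /var/lib/lxc/${_CONTAINER}/config
+echo "lxc.aa_profile = ${profile}" >> /var/lib/lxc/${_CONTAINER}/config
+
+/lib/init/apparmor-profile-load lxc-containers
+
+echo "Profile for ${_CONTAINER} updated.  Edit /etc/apparmor.d/lxc/${profile} to customize."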
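Review bot: `_CONTAINER` goes from the command line straight into unquoted paths (`/var/lib/lxc/${_CONTAINER}/config`, `/etc/apparmor.d/lxc/${profile}`) and into the `sed` replacement text on new line 64, with no check on which characters it holds. Because the script insists on uid 0, a name containing `/`, `..`, whitespace or `&` makes `cp -f`, `sed -i` and the `>>` append act on a file other than the intended one, or writes a malformed profile name into the AppArmor policy. I would reject such names right after the empty-name check, e.g. `case "${_CONTAINER}" in *[!A-Za-z0-9_.-]*|.*) echo "E: $(basename "${0}"): invalid container name" >&2; exit 1 ;; esac` (allowed set to be matched to what LXC accepts), and double-quote every path expansion. Separately, under `set -e` a failing `getopt` on new line 5 ends the script before the `${?}` test on line 7, so the usage text is never printed; `if ! _OPTIONS="$(getopt -o n: -l name: -- "${@}")"; then` keeps that branch reachable.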