The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/794

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Some systems need to be able to bind-mount /run to /var/run
and /run/lock to /var/run/lock. (Tested with opensuse 13.1
containers migrated from openvz.)

Signed-off-by: Wolfgang Bumiller <[email protected]>
From 4a491a31c23e64f29152a4b5e4ff07b361074261 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <[email protected]>
Date: Tue, 2 Feb 2016 09:13:04 +0100
Subject: [PATCH] apparmor: allow binding /run/{,lock/} -> /var/run/{,lock/}

Some systems need to be able to bind-mount /run to /var/run
and /run/lock to /var/run/lock. (Tested with opensuse 13.1
containers migrated from openvz.)

Signed-off-by: Wolfgang Bumiller <[email protected]>
---
 config/apparmor/abstractions/container-base.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/apparmor/abstractions/container-base.in 
b/config/apparmor/abstractions/container-base.in
index 1121256..3a001d8 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -62,6 +62,10 @@
   # allow bind mount of /lib/init/fstab for lxcguest
   mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/,
 
+  # allow bind mounts of /run/{,lock} to /var/run/{,lock}
+  mount options=(rw, bind) /run/ -> /var/run/,
+  mount options=(rw, bind) /run/lock/ -> /var/lock/,
+
   # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
   mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
   deny @{PROC}/sys/fs/** wklx,
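
Review bot: The second added rule, `mount options=(rw, bind) /run/lock/ -> /var/lock/,`, targets /var/lock/, but the subject line, the commit message and the comment added just above it all describe /run/lock -> /var/run/lock. As written, the profile permits a bind onto /var/lock/ that the description never mentions, while a bind of /run/lock onto /var/run/lock/ is not covered by either new rule. Please either change the target to /var/run/lock/ or, if /var/lock/ is what the openSUSE 13.1 containers actually mount, correct the comment and commit message to say so. If both targets are needed, list both rules explicitly. Because this file is the shared container-base abstraction, it is worth stating the exact paths being opened so the allowance stays as narrow as the description claims.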
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
