The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/3720
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber <[email protected]>
From 09e0667c0fa3280d8370cee479de8a9cc938e187 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= <[email protected]> Date: Fri, 25 Aug 2017 13:50:07 -0400 Subject: [PATCH] apparmor: Support new stacking syntax MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber <[email protected]> --- lxd/apparmor.go | 1 + test/suites/basic.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lxd/apparmor.go b/lxd/apparmor.go index 47a188139..f2920f421 100644 --- a/lxd/apparmor.go +++ b/lxd/apparmor.go @@ -347,6 +347,7 @@ func getAAProfileContent(c container) string { deny /sys/kernel/security?*{,/**} wklx, deny /sys/kernel?*{,/**} wklx, ` + profile += fmt.Sprintf(" change_profile -> \":%s:*\",\n", AANamespace(c)) profile += fmt.Sprintf(" change_profile -> \":%s://*\",\n", AANamespace(c)) } else { profile += "\n ### Feature: apparmor stacking (not present)\n" diff --git a/test/suites/basic.sh b/test/suites/basic.sh index 0b18c13fe..5ea57c721 100644 --- a/test/suites/basic.sh +++ b/test/suites/basic.sh @@ -365,7 +365,7 @@ test_basic_usage() { if [ "${MAJOR}" -gt "1" ] || ([ "${MAJOR}" = "1" ] && [ "${MINOR}" -ge "2" ]); then aa_namespace="lxd-lxd-apparmor-test_<$(echo "${LXD_DIR}" | sed -e 's/\//-/g' -e 's/^.//')>" - aa-status | grep ":${aa_namespace}://unconfined" + aa-status | grep -q ":${aa_namespace}:unconfined" || aa-status | grep -q ":${aa_namespace}://unconfined" lxc stop lxd-apparmor-test --force ! aa-status | grep -q ":${aa_namespace}:" else
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
