The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3117
This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Would close #3115
From 84597151581f798d74322cdcf5fcc4b1d0fc0948 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?= <be...@crans.org> Date: Sat, 10 Aug 2019 22:07:42 +0200 Subject: [PATCH] [aa-profile] Deny access to /proc/acpi/** --- config/apparmor/abstractions/container-base.in | 1 + 1 file changed, 1 insertion(+) diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in index 1a3ead89ad..2606fb64c6 100644 --- a/config/apparmor/abstractions/container-base.in +++ b/config/apparmor/abstractions/container-base.in @@ -73,6 +73,7 @@ # block some other dangerous paths deny @{PROC}/kcore rwklx, deny @{PROC}/sysrq-trigger rwklx, + deny @{PROC}/acpi/** rwklx, # deny writes in /sys except for /sys/fs/cgroup, also allow # fusectl, securityfs and debugfs to be mounted there (read-only)
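Review bot: the added rule `deny @{PROC}/acpi/** rwklx,` matches files and directories beneath `@{PROC}/acpi/` but not the directory entry itself, because in AppArmor globbing a trailing `/**` does not cover the parent path that ends in `/`. If the intent is to hide the ACPI tree from the container entirely, add a second rule for `@{PROC}/acpi/` alongside it; if listing the directory is acceptable, say so in the commit message. The commit message also has no body: the subject and "Would close #3115" do not state why `/proc/acpi` belongs under the "block some other dangerous paths" comment, so a one or two sentence rationale would help anyone auditing the profile without access to the issue tracker. The plain `deny` form is consistent with the neighbouring `kcore` and `sysrq-trigger` rules; note that such denials are not logged by default, so access attempts by a container will not show up in the audit log unless the rule is written as `audit deny`.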
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel