[lxc-devel] [lxd/master] lxd/apparmor: Allow ro, remount, noatime, bind

Tue, 28 Jan 2020 17:57:15 -0800 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6800

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Apparently systemd uses that particular combination now too, so lets add
it to the ever growing list :)

Closes #6799

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>

From 1217df396fc19b041c094d1bc1f5082aad2abbcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Tue, 28 Jan 2020 20:55:49 -0500
Subject: [PATCH] lxd/apparmor: Allow ro,remount,noatime,bind
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Apparently systemd uses that particular combination now too, so lets add
it to the ever growing list :)

Closes #6799

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/apparmor/apparmor.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lxd/apparmor/apparmor.go b/lxd/apparmor/apparmor.go
index 91e413dcf0..e7119d3cc1 100644
--- a/lxd/apparmor/apparmor.go
+++ b/lxd/apparmor/apparmor.go
@@ -186,6 +186,23 @@ const profileBase = `
   mount options=(ro,remount,bind,noexec,nodev) /sy[^s]*{,/**},
   mount options=(ro,remount,bind,noexec,nodev) /sys?*{,/**},
 
+  mount options=(ro,remount,bind,noatime) /[^spd]*{,/**},
+  mount options=(ro,remount,bind,noatime) /d[^e]*{,/**},
+  mount options=(ro,remount,bind,noatime) /de[^v]*{,/**},
+  mount options=(ro,remount,bind,noatime) /dev/.[^l]*{,/**},
+  mount options=(ro,remount,bind,noatime) /dev/.l[^x]*{,/**},
+  mount options=(ro,remount,bind,noatime) /dev/.lx[^c]*{,/**},
+  mount options=(ro,remount,bind,noatime) /dev/.lxc?*{,/**},
+  mount options=(ro,remount,bind,noatime) /dev/[^.]*{,/**},
+  mount options=(ro,remount,bind,noatime) /dev?*{,/**},
+  mount options=(ro,remount,bind,noatime) /p[^r]*{,/**},
+  mount options=(ro,remount,bind,noatime) /pr[^o]*{,/**},
+  mount options=(ro,remount,bind,noatime) /pro[^c]*{,/**},
+  mount options=(ro,remount,bind,noatime) /proc?*{,/**},
+  mount options=(ro,remount,bind,noatime) /s[^y]*{,/**},
+  mount options=(ro,remount,bind,noatime) /sy[^s]*{,/**},
+  mount options=(ro,remount,bind,noatime) /sys?*{,/**},
+
   mount options=(ro,remount,bind,nosuid) /[^spd]*{,/**},
   mount options=(ro,remount,bind,nosuid) /d[^e]*{,/**},
   mount options=(ro,remount,bind,nosuid) /de[^v]*{,/**},

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to