The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7070

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
From 02c91e4e39b0fd7a0d5f3df6af898d77bc5e08f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Sun, 22 Mar 2020 13:24:10 -0400
Subject: [PATCH] lxd/apparmor: Apparently the order matters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/apparmor/apparmor.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lxd/apparmor/apparmor.go b/lxd/apparmor/apparmor.go
index abeb15bf0f..ceec2dece0 100644
--- a/lxd/apparmor/apparmor.go
+++ b/lxd/apparmor/apparmor.go
@@ -211,6 +211,23 @@ const profileBase = `
   mount options=(ro,remount,bind,noatime) /sy[^s]*{,/**},
   mount options=(ro,remount,bind,noatime) /sys?*{,/**},
 
+  mount options=(ro,remount,noatime,bind) /[^spd]*{,/**},
+  mount options=(ro,remount,noatime,bind) /d[^e]*{,/**},
+  mount options=(ro,remount,noatime,bind) /de[^v]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.[^l]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.l[^x]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.lx[^c]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.lxc?*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/[^.]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev?*{,/**},
+  mount options=(ro,remount,noatime,bind) /p[^r]*{,/**},
+  mount options=(ro,remount,noatime,bind) /pr[^o]*{,/**},
+  mount options=(ro,remount,noatime,bind) /pro[^c]*{,/**},
+  mount options=(ro,remount,noatime,bind) /proc?*{,/**},
+  mount options=(ro,remount,noatime,bind) /s[^y]*{,/**},
+  mount options=(ro,remount,noatime,bind) /sy[^s]*{,/**},
+  mount options=(ro,remount,noatime,bind) /sys?*{,/**},
+
   mount options=(ro,remount,bind,nosuid) /[^spd]*{,/**},
   mount options=(ro,remount,bind,nosuid) /d[^e]*{,/**},
   mount options=(ro,remount,bind,nosuid) /de[^v]*{,/**},
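
Review bot: The added `(ro,remount,noatime,bind)` rules repeat the path patterns of the `(ro,remount,bind,noatime)` block directly above them with only the option order changed, and neither the profile text nor the commit message ("Apparently the order matters") records why both orderings are required. A short comment in `profileBase` next to the new block, stating what was observed to be denied with only the first ordering, would stop a later cleanup from removing one block as an apparent duplicate. The `(ro,remount,bind,nosuid)` rules that follow in the context lines still have a single ordering in this hunk; if option order affects matching for noatime, the description should say whether the nosuid rules (and any other flag combinations) need the same treatment or why they do not. Since each new ordering means another hand-copied block, consider building these rules from one path list and a list of option orderings so the exclusions around /dev/.lxc, /proc and /sys cannot drift between copies.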
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
