Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> Thanks for reviewing!
>
> >> + /* load apparmor profile */
> >> + if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags &
> >> LXC_ATTACH_APPARMOR)) {
> >> + ret = attach_apparmor(init_ctx->aa_profile);
> >> + if (ret < 0) {
> >> + shutdown(ipc_socket, SHUT_RDWR);
> >> + rexit(-1);
> >> + }
> >> + }
> >
> > Are you doing the CLONE_NEWNS check because proc might otherwise not be
> > mounted? Would it make sense to move attach-apparmor to after the
> > lxc_attach_remount_sys_proc() below so we can run it in that case too?
>
> Actually, for the attaching part, I just took the current code [1, line
> 163] and copied it without any modifications unless they were required
> because of the new structure. (I didn't add the apparmor part in the
> first place anyway, I don't use it myself.)
>
> [1]
> <https://github.com/lxc/lxc/blob/b93aac46f2802b3639c1ac2ed0cf71174673d110/src/lxc/lxc_attach.c>
>
> I don't really know what the rationale for the apparmor conditions is,
> so maybe one could do what you are suggesting, maybe not - I have no
> idea. On the other hand, I have no objection to it if you yourself are
> convinced that it will work. ;)
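
Review bot: The options->namespaces & CLONE_NEWNS half of the condition guarding attach_apparmor() is undocumented, and when that bit is not set the profile load is skipped even though the caller set LXC_ATTACH_APPARMOR; the hunk shows no else branch or message for that case. Either add a comment stating why the mount namespace is required (the /proc question raised in the quoted review), or move the call after lxc_attach_remount_sys_proc() as suggested there so the flag is honoured in both cases. The failure path also goes straight to shutdown() and rexit(-1) with no error message in these lines, so unless attach_apparmor() reports the failure itself, a failed profile change will be hard to diagnose.
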
Thanks, hopefully I can do some extensive testing in the next week or two and
get some answers.

-serge