On Thu, Jan 29, 2015 at 11:50:41PM +0000, Serge Hallyn wrote:
> Because we now create the ttys from inside the container, we had to
> add an apparmor rule for start-container to bind-mount /dev/pts/** ->
> /dev/tty*/.
> However that's not sufficient if the container sets lxc.ttydir, in
> which case we need to support mounting onto files in subdirs of /dev.
>
> Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
Acked-by: Stéphane Graber <stgra...@ubuntu.com> > --- > config/apparmor/abstractions/start-container | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/config/apparmor/abstractions/start-container > b/config/apparmor/abstractions/start-container > index 0d02379..b06a84d 100644 > --- a/config/apparmor/abstractions/start-container > +++ b/config/apparmor/abstractions/start-container > @@ -13,7 +13,7 @@ > mount -> /usr/lib/lxc/{**,}, > mount fstype=devpts -> /dev/pts/, > mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, > - mount options=bind /dev/pts/** -> /dev/tty*/, > + mount options=bind /dev/pts/** -> /dev/**, > mount options=(rw, make-slave) -> **, > mount fstype=debugfs, > # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/ > -- > 2.1.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
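Review bot: The new target in `mount options=bind /dev/pts/** -> /dev/**,` is wider than the commit message asks for. The message only needs "files in subdirs of /dev" for lxc.ttydir, but `/dev/**` lets start-container bind-mount a pts entry onto any path below /dev, including direct children that the old `/dev/tty*/` pattern excluded. If only tty files one directory down are intended, consider keeping the original `/dev/tty*/` rule and adding a second, narrower one for the subdirectory case (for example a `/dev/*/tty*/` target, assuming the tty file names keep the `tty` prefix under lxc.ttydir). If the wide glob is deliberate, a comment above the rule naming lxc.ttydir as the reason would help the next person auditing this abstraction.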