Hi Serge,
On Mon, 2014-07-14 at 13:55 +, Serge Hallyn wrote:
Quoting Cédric Bosdonnat (cbosdon...@suse.com):
diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc
index d404328..4bfb503 100644
--- a/examples/apparmor/libvirt-lxc
+++
Quoting Cedric Bosdonnat (cbosdon...@suse.com):
Hi Serge,
On Mon, 2014-07-14 at 13:55 +, Serge Hallyn wrote:
Quoting Cédric Bosdonnat (cbosdon...@suse.com):
diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc
index d404328..4bfb503 100644
---
Quoting Cédric Bosdonnat (cbosdon...@suse.com):
diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc
index d404328..4bfb503 100644
--- a/examples/apparmor/libvirt-lxc
+++ b/examples/apparmor/libvirt-lxc
@@ -2,16 +2,115 @@
Hi,
this being a verbatim copy from lxc's
Quoting Cédric Bosdonnat (cbosdon...@suse.com):
Rework the apparmor lxc profile abstraction to mimic ubuntu's
container-default.
This profile allows quite a lot, but strives to restrict access to
dangerous resources.
Removing the explicit authorizations to bash, systemd and cron files,
Quoting Cedric Bosdonnat (cbosdon...@suse.com):
On Fri, 2014-07-11 at 16:08 +, Serge Hallyn wrote:
Quoting Cédric Bosdonnat (cbosdon...@suse.com):
Rework the apparmor lxc profile abstraction to mimic ubuntu's
container-default.
This profile allows quite a lot, but strives to
On Fri, 2014-07-11 at 16:08 +, Serge Hallyn wrote:
Quoting Cédric Bosdonnat (cbosdon...@suse.com):
Rework the apparmor lxc profile abstraction to mimic ubuntu's
container-default.
This profile allows quite a lot, but strives to restrict access to
dangerous resources.
Removing
Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default.
This profile allows quite a lot, but strives to restrict access to
dangerous resources.
Removing the explicit authorizations to bash, systemd and cron files,
forces them to keep the lxc profile for all applications
