# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

# AppArmor profile for LXC containers that are themselves allowed to run
# containers ("nesting").  It builds on the shared LXC abstractions and adds the
# mount permissions a nested LXC/systemd setup needs.  Those extra mount rules
# make the profile noticeably more permissive than a non-nesting container
# profile, so it should only be assigned to containers that actually need nesting.
# flags: attach_disconnected lets the profile mediate paths that have been
# disconnected from the namespace root; mediate_deleted keeps mediating files
# that were unlinked while still open.
profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_deleted) {
  # Shared baseline rules for every LXC container, plus the rules needed while
  # the container is being started.  Both abstractions live outside this file.
  #include <abstractions/lxc/container-base>
  #include <abstractions/lxc/start-container>

  # Deny read/write access to the proc and sys trees under /dev/.lxc/.
  # NOTE(review): presumably these are the helper proc/sysfs mounts LXC sets up
  # for nested containers and must stay unreachable from inside the guest — confirm.
  deny /dev/.lxc/proc/** rw,
  deny /dev/.lxc/sys/** rw,
  # proc and sysfs may be mounted only beneath /var/cache/lxc (destination is
  # restricted).  Presumably needed for template/bootstrap work inside the
  # nested setup — confirm against the lxc templates.
  mount fstype=proc -> /var/cache/lxc/**,
  mount fstype=sysfs -> /var/cache/lxc/**,
  # Unrestricted rw bind mount: no source and no destination are given, so any
  # bind mount anywhere is permitted.  This is the broadest rule in the profile
  # and the main reason the nesting profile is weaker than a plain one.
  mount options=(rw,bind),
  # Recursive bind mounts are allowed only into the systemd unit-root tree.
  mount options=(rw,rbind) -> /run/systemd/unit-root/,
  mount options=(rw,rbind) -> /run/systemd/unit-root/**,
  # The root mount may be switched to recursively shared (rshared) propagation.
  mount options=(rw,rshared) -> /,
  # A hardened proc mount (nosuid,nodev,noexec) under the systemd unit root.
  mount options=(rw,nosuid,nodev,noexec) proc -> /run/systemd/unit-root/proc/,
  # cgroup v1 and v2 hierarchies may be mounted under /sys/fs/cgroup; presumably
  # so a nested init can build its own cgroup tree.
  mount fstype=cgroup -> /sys/fs/cgroup/**,
  mount fstype=cgroup2 -> /sys/fs/cgroup/**,
}