[Bug 876968] Re: host Apparmor rules are applied to guests in spite of guests loading new rules
Serge Hallyn
876968 at bugs.launchpad.net
Tue Oct 18 02:49:54 UTC 2011
Apparmor is MAC - in my opinion it's not valid to have a container guest
specify its own policy.
However, the container should be entering a domain which protects the
host from the container, and in which executing any programs do not
cause more domain transitions (unless specified by the container's
policy).
This is something I want to discuss at UDS and implement during the
precise cycle.
** Changed in: lxc (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: lxc (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/876968
Title:
host Apparmor rules are applied to guests in spite of guests loading
new rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/876968/+subscriptions
More information about the Ubuntu-server-bugs
mailing list