[Bug 942934] Re: update apparmor profile to restrict mounts

Launchpad Bug Tracker 942934 at bugs.launchpad.net
Wed Mar 21 14:35:13 UTC 2012


This bug was fixed in the package lxc - 0.7.5-3ubuntu41

---------------
lxc (0.7.5-3ubuntu41) precise; urgency=low

  * add lxc-shutdown command:
    - 0060-lxc-shutdown: add the command to the source
    - debian/lxc.upstart: use lxc-shutdown to shut down containers cleanly
    - debian/lxc.default: add LXC_SHUTDOWN_TIMEOUT (default 120s)
  * support per-container apparmor policies:  (LP: #953453)
    - 0061-lxc-start-apparmor: add lxc.aa_profile to config file.  If not
      specified, lxc-default profile is used for container.  Otherwise, the
      specified profile is used.
      Note that per-container profiles must be named 'lxc-*'.
    - split debian/lxc-default.apparmor from debian/lxc.apparmor.
    - have /etc/apparmor.d/lxc-containers #include /etc/apparmor.d/lxc/*
    - debian/lxc.postinst: load the new lxc-containers profiles
    - debian/lxc.postrm: remove lxc-containers profiles
    - debian/rules: make new etc/apparmor.d/lxc dir and copy lxc-default into it
    - debian/control: add libapparmor-dev to build-depends
    - debian/lxc.upstart: load apparmor per-container policies at pre-start.
  * debian/lxc.apparmor: insert the stricter mount rules for lxc-start
    (LP: #645625) (LP: #942934)
  * debian/local/lxc-start-ephemeral: re-enable aufs option (LP: #960262)
  * replace upstream lxc-wait with our own bash script (LP: #951181)
    - debian/local/lxc-wait: the script
    - debian/rules: copy the script into place
  * 0062-templates-relative-paths: update templates to use relative paths,
    and make lxc-start always accept /var/lib/lxc/CN/rootfs as target prefix,
    to make lvm containers work.  (LP: #960860)
 -- Serge Hallyn <serge.hallyn at ubuntu.com>   Wed, 21 Mar 2012 08:20:06 -0500

** Changed in: lxc (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/942934

Title:
  update apparmor profile to restrict mounts

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/942934/+subscriptions



More information about the Ubuntu-server-bugs mailing list