apparmor.d/profiles/lxc/lxc-default-with-mounting

# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/lxc/container-base>

# allow standard blockdevtypes.
# The concern here is in-kernel superblock parsers bringing down the
# host with bad data.  However, we continue to disallow proc, sys, securityfs,
# etc to nonstandard locations.
  mount fstype=ext*,
  mount fstype=xfs,
  mount fstype=btrfs,
}
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which`
			`# will source all profiles under /etc/apparmor.d/lxc`

			`profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) {`
update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`include <abstractions/lxc/container-base>`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00
			`# allow standard blockdevtypes.`
			`# The concern here is in-kernel superblock parsers bringing down the`
			`# host with bad data. However, we continue to disallow proc, sys, securityfs,`
			`# etc to nonstandard locations.`
			`mount fstype=ext*,`
			`mount fstype=xfs,`
			`mount fstype=btrfs,`
			`}`