Revert "allow cgroupfs mounts under /sys/fs/cgroup"

This reverts commit 833bf9c. This change wasn't actually safe and is now superseded by the cgns profile. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
lxc · Mar 7, 2016 · eab570b · eab570b
1 parent 6a814f4
commit eab570b
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
@@ -91,6 +91,5 @@
   deny /sys/firmware/efi/efivars/** rwklx,
   deny /sys/kernel/security/** rwklx,
   mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
-  mount fstype=cgroup -> /sys/fs/cgroup/**,
   mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,