fix busybox template for use with AppArmor

Ensure /proc and /sys are mounted in the container, otherwise apparmor_enabled() will fail to find /sys/module/apparmor/parameters/enabled Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
lxc · Oct 17, 2013 · fefddf9 · fefddf9
1 parent c944b92
commit fefddf9
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
@@ -37,6 +37,7 @@ $rootfs/usr/bin \
 $rootfs/sbin \
 $rootfs/usr/sbin \
 $rootfs/proc \
+$rootfs/sys \
 $rootfs/mnt \
 $rootfs/tmp \
 $rootfs/var/log \
@@ -92,7 +93,6 @@ EOF
 
     # mount points
     cat <<EOF >> $rootfs/etc/fstab
-proc  /proc      proc    defaults     0      0
 shm   /dev/shm   tmpfs   defaults     0      0
 EOF
 
@@ -278,6 +278,8 @@ EOF
             echo "lxc.mount.entry = /$dir $dir none ro,bind 0 0" >> $path/config
         fi
     done
+    echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind 0 0" >>$path/config
+    echo "lxc.mount.auto = proc:mixed sys" >>$path/config
 }
 
 usage()