Merge pull request #7070 from stgraber/master

lxd/apparmor: Apparently the order matters
lxc · Mar 22, 2020 · fd83a04 · fd83a04
2 parents de87f30 + 02c91e4
commit fd83a04
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/lxd/apparmor/apparmor.go b/lxd/apparmor/apparmor.go
@@ -211,6 +211,23 @@ const profileBase = `
   mount options=(ro,remount,bind,noatime) /sy[^s]*{,/**},
   mount options=(ro,remount,bind,noatime) /sys?*{,/**},
 
+  mount options=(ro,remount,noatime,bind) /[^spd]*{,/**},
+  mount options=(ro,remount,noatime,bind) /d[^e]*{,/**},
+  mount options=(ro,remount,noatime,bind) /de[^v]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.[^l]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.l[^x]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.lx[^c]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/.lxc?*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev/[^.]*{,/**},
+  mount options=(ro,remount,noatime,bind) /dev?*{,/**},
+  mount options=(ro,remount,noatime,bind) /p[^r]*{,/**},
+  mount options=(ro,remount,noatime,bind) /pr[^o]*{,/**},
+  mount options=(ro,remount,noatime,bind) /pro[^c]*{,/**},
+  mount options=(ro,remount,noatime,bind) /proc?*{,/**},
+  mount options=(ro,remount,noatime,bind) /s[^y]*{,/**},
+  mount options=(ro,remount,noatime,bind) /sy[^s]*{,/**},
+  mount options=(ro,remount,noatime,bind) /sys?*{,/**},
+
   mount options=(ro,remount,bind,nosuid) /[^spd]*{,/**},
   mount options=(ro,remount,bind,nosuid) /d[^e]*{,/**},
   mount options=(ro,remount,bind,nosuid) /de[^v]*{,/**},