OXIESEC PANEL
- Current Dir:
/
/
etc
/
apparmor.d
/
abstractions
/
lxc
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
05/09/2024 07:14:29 AM
rwxr-xr-x
📄
container-base
8 KB
11/23/2018 04:49:34 AM
rw-r--r--
📄
start-container
1.48 KB
11/23/2018 04:49:34 AM
rw-r--r--
Editing: start-container
Close
network, capability, file, # The following 3 entries are only supported by recent apparmor versions. # Comment them if the apparmor parser doesn't recognize them. dbus, signal, ptrace, # currently blocked by apparmor bug mount -> /usr/lib*/*/lxc/{**,}, mount -> /usr/lib*/lxc/{**,}, mount -> /usr/lib/x86_64-linux-gnu/lxc/{,**}, mount fstype=devpts -> /dev/pts/, mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, mount options=bind /dev/pts/** -> /dev/**, mount options=(rw, make-slave) -> **, mount options=(rw, make-rslave) -> **, mount fstype=debugfs, # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/ mount -> /var/lib/lxc/{**,}, # required for some pre-mount hooks mount fstype=overlayfs, mount fstype=aufs, mount fstype=ecryptfs, # all umounts are under the original root's /mnt, but right now we # can't allow those umounts after pivot_root. So allow all umounts # right now. They'll be restricted for the container at least. umount, #umount /mnt/{**,}, # This may look a bit redundant, however it appears we need all of # them if we want things to work properly on all combinations of kernel # and userspace parser... pivot_root /usr/lib*/lxc/, pivot_root /usr/lib*/*/lxc/, pivot_root /usr/lib*/lxc/**, pivot_root /usr/lib*/*/lxc/**, pivot_root /usr/lib/x86_64-linux-gnu/lxc/{,**}, change_profile -> lxc-*, change_profile -> lxc-**, change_profile -> unconfined, change_profile -> :lxc-*:unconfined,