Overview

File libcontainer-apparmor-fixes.patch of Package docker.583

Index: docker/vendor/src/github.com/docker/libcontainer/apparmor/gen.go
===================================================================
--- docker.orig/vendor/src/github.com/docker/libcontainer/apparmor/gen.go
+++ docker/vendor/src/github.com/docker/libcontainer/apparmor/gen.go
@@ -25,18 +25,6 @@ profile {{.Name}} flags=(attach_disconne
   network,
   capability,
   file,
-  umount,
-
-  mount fstype=tmpfs,
-  mount fstype=mqueue,
-  mount fstype=fuse.*,
-  mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
-  mount fstype=efivarfs -> /sys/firmware/efi/efivars/,
-  mount fstype=fusectl -> /sys/fs/fuse/connections/,
-  mount fstype=securityfs -> /sys/kernel/security/,
-  mount fstype=debugfs -> /sys/kernel/debug/,
-  mount fstype=proc -> /proc/,
-  mount fstype=sysfs -> /sys/,
 
   deny @{PROC}/sys/fs/** wklx,
   deny @{PROC}/sysrq-trigger rwklx,
@@ -45,10 +33,6 @@ profile {{.Name}} flags=(attach_disconne
   deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx,
   deny @{PROC}/sys/kernel/*/** wklx,
 
-  deny mount options=(ro, remount) -> /,
-  deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
-  deny mount fstype=devpts,
-
   deny /sys/[^f]*/** wklx,
   deny /sys/f[^s]*/** wklx,
   deny /sys/fs/[^c]*/** wklx,
openSUSE Build Service is sponsored by
Places