apparmor: allow to preserve /dev mountpoints into qemu namespaces
Libvirt now tries to preserve all mounts under /dev in qemu namespaces. The old rules only listed a set of known paths but those are no more enough. I found some due to containers like /dev/.lxc/* and such but also /dev/console and /dev/net/tun. Libvirt is correct to do so, but we can no more predict the names properly, so we modify the rule to allow a wildcard based pattern matching what libvirt does. Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
Showing
想要评论请 注册 或 登录