lxc-user-nic should run in its own apparmor profile
Bug #1380519 reported by Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lxc (Ubuntu) | Triaged | High | Unassigned | |
Bug Description
The lxc-user-nic program is a setuid-root program to create veth nics and hook them to the host bridge and unprivileged containers. It should run under a very tight apparmor profile.
(Make sure to test with ovs bridges as well, as its call-out to ovs-vsctl may have unexpected requirements)