apparmor: allow shared mounts in start-container.in

Signed-off-by: Christian Brauner (Microsoft) <[email protected]>
scandian · Nov 29, 2022 · 01ae6d4 · 01ae6d4
1 parent 81d94a4
commit 01ae6d4
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in
@@ -17,6 +17,8 @@
   mount options=bind /dev/pts/** -> /dev/**,
   mount options=(rw, make-slave) -> **,
   mount options=(rw, make-rslave) -> **,
+  mount options=(rw, make-shared) -> **,
+  mount options=(rw, make-rshared) -> **,
   mount fstype=debugfs,
   # allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
   mount -> /var/lib/lxc/{**,},