Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Your IP : 3.144.21.237
network,
capability,
file,
# The following 3 entries are only supported by recent apparmor versions.
# Comment them if the apparmor parser doesn't recognize them.
dbus,
signal,
ptrace,
# currently blocked by apparmor bug
mount -> /usr/lib/*/lxc/{**,},
mount -> /usr/lib/lxc/{**,},
mount fstype=devpts -> /dev/pts/,
mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
mount options=bind /dev/pts/** -> /dev/**,
mount options=(rw, make-slave) -> **,
mount options=(rw, make-rslave) -> **,
mount fstype=debugfs,
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
mount -> /var/lib/lxc/{**,},
# required for some pre-mount hooks
mount fstype=overlayfs,
mount fstype=aufs,
mount fstype=ecryptfs,
# all umounts are under the original root's /mnt, but right now we
# can't allow those umounts after pivot_root. So allow all umounts
# right now. They'll be restricted for the container at least.
umount,
#umount /mnt/{**,},
# This may look a bit redundant, however it appears we need all of
# them if we want things to work properly on all combinations of kernel
# and userspace parser...
pivot_root /usr/lib/lxc/,
pivot_root /usr/lib/*/lxc/,
pivot_root /usr/lib/lxc/**,
pivot_root /usr/lib/*/lxc/**,
change_profile -> lxc-*,
change_profile -> unconfined,
change_profile -> :lxc-*:unconfined,
|