Eric Windisch 7342d59114 AppArmor: Deny w to /proc/* files ...

Introduce a write denial for files at the root of /proc.

This prohibits root users from performing a chmod of those
files. The rules for denials in proc are also cleaned up,
making the rules better match their targets.

Locally tested on:
- Ubuntu precise (12.04) with AppArmor 2.7
- Ubuntu trusty (14.04) with AppArmor 2.8.95

Signed-off-by: Eric Windisch <eric@windisch.us>

2015-08-13 15:39:25 -04:00

..

template

Update libcontainer

2015-07-16 16:02:26 -07:00

apparmor.go

AppArmor: Deny w to /proc/* files

2015-08-13 15:39:25 -04:00

create.go

revert apparmor changes back to how it was in 1.7.1, but keep tests

2015-08-06 12:49:25 -07:00

driver_unsupported_nocgo.go

Fix golint warnings for daemon/execdriver/*

2015-07-28 08:43:22 +08:00

driver_unsupported.go

Fix golint warnings for daemon/execdriver/*

2015-07-28 08:43:22 +08:00

driver.go

remove docker-unconfined profile we were not using it and it breaks apparmor on wheezy

2015-08-06 16:51:01 -07:00

exec.go

Fix golint warnings for daemon/execdriver/*

2015-07-28 08:43:22 +08:00

info.go

Fix golint warnings for daemon/execdriver/*

2015-07-28 08:43:22 +08:00

init.go

Update libcontainer

2015-07-16 16:02:26 -07:00