/etc/apparmor.d/libvirt/TEMPLATE.lxc is in libvirt-bin 1.3.1-1ubuntu10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#
# This profile is for the domain whose UUID matches this file.
#
# NOTE(review): LIBVIRT_TEMPLATE below is a placeholder profile name;
# presumably libvirt substitutes the per-domain name when it instantiates
# this template -- confirm against the libvirt AppArmor driver.
#
# The lines that start with "#include" are AppArmor include directives, not
# comments. Keep them when trimming comments from this file.
#
#include <tunables/global>
# Profile flags:
#   attach_disconnected - paths disconnected from the namespace are attached
#                         to the root so they can still be matched by rules.
#   mediate_deleted     - files that have already been deleted stay mediated.
profile LIBVIRT_TEMPLATE (attach_disconnected,mediate_deleted) {
# Shared LXC rules; its contents are not shown here. Together with the deny
# rule at the end of this profile, it is what narrows the blanket allows below.
#include <abstractions/libvirt-lxc>
# Globally allows everything to run under this profile. This is fine-tuned
# via abstractions/libvirt-lxc and can be narrowed depending on the
# container's use.
#
# The three bare rules below carry no path, capability name or address
# family, so each one allows its whole class of access. Any confinement a
# container gets therefore comes from deny rules, which take precedence over
# allow rules. To tighten a container, replace a bare rule with specific
# rules rather than relying on further denies alone.
# All file access.
file,
# All capabilities.
capability,
# All network access.
network,
# The container must never be allowed to mount devpts. If it does, it
# will remount the host's devpts. We could allow it to do so with
# the newinstance option (but, right now, we don't).
deny mount fstype=devpts,
}