void-packages/srcpkgs/lxc/patches/apparmor-with-rootfs-mount.patch

diff --git config/apparmor/Makefile.am config/apparmor/Makefile.am
index 71dbe158..858f58dd 100644
--- config/apparmor/Makefile.am
+++ config/apparmor/Makefile.am
@@ -19,7 +19,7 @@ install-apparmor:
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
 	$(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
-	$(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
+	$(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/
 	$(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
 	$(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
 	$(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/
diff --git config/apparmor/abstractions/start-container config/apparmor/abstractions/start-container.in
similarity index 95%
rename from config/apparmor/abstractions/start-container
rename to config/apparmor/abstractions/start-container.in
index 3df9883e..f2b48235 100644
--- config/apparmor/abstractions/start-container
+++ config/apparmor/abstractions/start-container.in
@@ -11,6 +11,7 @@
   # currently blocked by apparmor bug
   mount -> /usr/lib*/*/lxc/{**,},
   mount -> /usr/lib*/lxc/{**,},
+  mount -> @LXCROOTFSMOUNT@/{,**},
   mount fstype=devpts -> /dev/pts/,
   mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,
   mount options=bind /dev/pts/** -> /dev/**,
@@ -38,6 +39,7 @@
   pivot_root /usr/lib*/*/lxc/,
   pivot_root /usr/lib*/lxc/**,
   pivot_root /usr/lib*/*/lxc/**,
+  pivot_root @LXCROOTFSMOUNT@/{,**},
 
   change_profile -> lxc-*,
   change_profile -> lxc-**,
diff --git configure.ac configure.ac
index 92d6601d..a54bc332 100644
--- configure.ac
+++ configure.ac
@@ -714,6 +714,7 @@ AC_CONFIG_FILES([
 
 	config/Makefile
 	config/apparmor/Makefile
+	config/apparmor/abstractions/start-container
 	config/selinux/Makefile
 	config/bash/Makefile
 	config/bash/lxc
lxc: fix AppArmor profile, force docbook2x format 2018-09-25 21:21:39 +00:00			`diff --git config/apparmor/Makefile.am config/apparmor/Makefile.am`
			`index 71dbe158..858f58dd 100644`
			`--- config/apparmor/Makefile.am`
			`+++ config/apparmor/Makefile.am`
			`@@ -19,7 +19,7 @@ install-apparmor:`
			`$(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/`
			`$(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/`
			`$(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/`
			`- $(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/`
			`+ $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/`
			`$(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/`
			`$(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/`
			`$(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/`
			`diff --git config/apparmor/abstractions/start-container config/apparmor/abstractions/start-container.in`
			`similarity index 95%`
			`rename from config/apparmor/abstractions/start-container`
			`rename to config/apparmor/abstractions/start-container.in`
			`index 3df9883e..f2b48235 100644`
			`--- config/apparmor/abstractions/start-container`
			`+++ config/apparmor/abstractions/start-container.in`
			`@@ -11,6 +11,7 @@`
			`# currently blocked by apparmor bug`
			`mount -> /usr/lib//lxc/{**,},`
			`mount -> /usr/lib/lxc/{*,},`
			`+ mount -> @LXCROOTFSMOUNT@/{,**},`
			`mount fstype=devpts -> /dev/pts/,`
			`mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,`
			`mount options=bind /dev/pts/ -> /dev/,`
			`@@ -38,6 +39,7 @@`
			`pivot_root /usr/lib//lxc/,`
			`pivot_root /usr/lib/lxc/*,`
			`pivot_root /usr/lib//lxc/**,`
			`+ pivot_root @LXCROOTFSMOUNT@/{,**},`

			`change_profile -> lxc-*,`
			`change_profile -> lxc-**,`
			`diff --git configure.ac configure.ac`
			`index 92d6601d..a54bc332 100644`
			`--- configure.ac`
			`+++ configure.ac`
			`@@ -714,6 +714,7 @@ AC_CONFIG_FILES([`

			`config/Makefile`
			`config/apparmor/Makefile`
			`+ config/apparmor/abstractions/start-container`
			`config/selinux/Makefile`
			`config/bash/Makefile`
			`config/bash/lxc`