 eb9f3d858b
			
		
	
	eb9f3d858b
	
	
	
		
			
			The change moves the role out from the main repo lxc_host
repository and into its own standalone repository.
Items within this change:
  * The role has been updated to ensure it runs standalone.
  * Tests added to the role within tox.
  * Functional tests added to the role that can either be run
    via the run_tests.sh script or using tox.
  * dev requirements have been updated for testing use cases.
  * Docs added to both the README.rst file as well as the docs
    folder.
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
		
	
		
			
				
	
	
		
		
	
	
	
	
	
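# Do not load this file directly.  Load /etc/apparmor.d/lxc-containers instead,
# which sources every profile under /etc/apparmor.d/lxc.
#
# This file is a Jinja template: lxc_container_cache_path is substituted when
# it is rendered.  NOTE(review): the proc, sysfs and bind-mount rules below are
# only as narrow as that value; if it rendered empty their targets would
# collapse to "/**".  Confirm the role always sets it to a non-empty absolute
# path.

profile lxc-openstack flags=(attach_disconnected,mediate_deleted) {
  # Shared LXC container base abstraction; the rules below add mount
  # permissions on top of it.
  #include <abstractions/lxc/container-base>

  # Filesystem types a container may mount at any path.
  # The concern here is in-kernel superblock parsers bringing down the host
  # with bad data.  proc and sysfs are deliberately absent from this list (they
  # are limited to the cache path in the next section), and no rule in this
  # file grants securityfs.
  # NOTE(review): nfs* and fuseblk are not local on-disk formats, and nbd*
  # presumably refers to network block devices; confirm the containers need
  # each entry before keeping it in the allow list.
  mount fstype=ext* -> /**,
  mount fstype=nbd* -> /**,
  mount fstype=xfs -> /**,
  mount fstype=btrfs -> /**,
  mount fstype=vfat* -> /**,
  mount fstype=fuseblk -> /**,
  mount fstype=nfs* -> /**,
  # devpts carries no target restriction, so it may be mounted at any path.
  mount fstype=devpts,

  # System access: kernel pseudo-filesystems.  cgroup is limited to
  # /sys/fs/cgroup; proc and sysfs may only be mounted beneath the container
  # cache path.
  mount fstype=cgroup -> /sys/fs/cgroup/**,
  mount fstype=proc -> {{ lxc_container_cache_path }}/**,
  mount fstype=sysfs -> {{ lxc_container_cache_path }}/**,
  # Read-write bind of dev/shm onto run/shm, both inside trees under the cache
  # path.
  mount options=(rw,bind) {{ lxc_container_cache_path }}/**/dev/shm/ -> {{ lxc_container_cache_path }}/**/run/shm/,
}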