From e72cf3a1502946cf93328fc8154b8733ae3faeb6 Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Tue, 4 Aug 2020 17:12:36 +0000
Subject: [PATCH] Add 'inst-prxct'
---
inst-prxct | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 inst-prxct
diff --git a/inst-prxct b/inst-prxct
new file mode 100644
index 0000000..b4d757b
--- /dev/null
+++ b/inst-prxct
@@ -0,0 +1,24 @@
+#For proxmox (lxc) containers a custom apparmor rule must be created an used
+
+# turn off the ct that you want to setup
+
+#contents of custom rule :/etc/apparmor.d/lxc/lxc-custom-dovecot
+
+profile lxc-container-custom-dovecot flags=(attach_disconnected,mediate_deleted) {
+ #include
+ #include
+ deny mount fstype=devpts,
+ mount fstype=cgroup -> /sys/fs/cgroup/**,
+ mount fstype=cgroup2 -> /sys/fs/cgroup/**,
+ mount options=(rw, bind, ro),
+ mount options=(rw, rbind),
+ mount options=(rw, rshared),
+ mount options=(rw, bind),
+ mount options=(ro, remount, noatime, bind),
+ mount options=(ro, nosuid, noexec, remount, bind, strictatime),
+}
+#end of contents
+systemctl reload apparmor
+echo "lxc.apparmor.profile: lxc-container-custom-dovecot" >> /etc/pve/lxc/.conf
+#start the container
+# if dovecot does not work after continuing ins-instructions.txt please check dsmesg for apparmor="DENIED"
\ No newline at end of file
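Review bot: The `mount options=(rw, bind)`, `(rw, rbind)` and `(rw, rshared)` rules in the profile name no source or mount point, so they permit those mount operations on any path inside the container and loosen confinement well beyond what a mail daemon would seem to need; the patch does not say which mounts dovecot actually performs. I would scope each rule with `-> /path/**` the way the two cgroup rules already are, or at least add a comment such as `# broad on purpose: narrow these once the mounts dovecot needs are known from the apparmor="DENIED" audit lines`. `mount options=(rw, bind, ro)` lists both rw and ro and deserves a comment on what it is meant to match. As shown, the two `#include` lines have no target and the `echo` appends to `/etc/pve/lxc/.conf` with no container ID, which may be text lost in rendering; if the file really reads that way, name the includes and use a labelled placeholder such as `/etc/pve/lxc/CTID.conf`. The closing comment presumably means `dmesg`, not `dsmesg`.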