Add 'inst-prxct'

2020-08-04 17:12:36 +00:00
parent 2ff6ee01ca
commit e72cf3a150
1 changed files with 24 additions and 0 deletions
--- a/24
+++ b/24
@@ -0,0 +1,24 @@
+#For proxmox (lxc) containers a custom apparmor rule must be created an used
+
+# turn off the ct that you want to setup
+
+#contents of custom rule :/etc/apparmor.d/lxc/lxc-custom-dovecot
+
+profile lxc-container-custom-dovecot flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/lxc/container-base>
+  #include <abstractions/lxc/start-container>
+  deny mount fstype=devpts,
+  mount fstype=cgroup -> /sys/fs/cgroup/**,
+  mount fstype=cgroup2 -> /sys/fs/cgroup/**,
+  mount options=(rw, bind, ro),
+  mount options=(rw, rbind),
+  mount options=(rw, rshared),
+  mount options=(rw, bind),
+  mount options=(ro, remount, noatime, bind),
+  mount options=(ro, nosuid, noexec, remount, bind, strictatime),
+}
+#end of contents 
+systemctl reload apparmor
+echo "lxc.apparmor.profile: lxc-container-custom-dovecot" >> /etc/pve/lxc/<ctid>.conf
+#start the container
+# if dovecot does not work after continuing ins-instructions.txt please check dsmesg for apparmor="DENIED"