deps/softwarecontainer-dependencies.sh: Enable apparmor and seccomp i…

…n LXC Add `--enable-apparmor` and `--enable-seccomp` flags at LXC configuration stage AppArmor is required to allow to apply additional MAC restrictions to container described in AppArmor profile. seccomp is required to apply additional restrictions on system calls from container using seccomp syscall blacklist and whitelist. Signed-off-by: Alexander Livenets <[email protected]>
Pelagicore · Apr 20, 2020 · 5c2b093 · 5c2b093
1 parent b3c965c
commit 5c2b093
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/deps/softwarecontainer-dependencies.sh b/deps/softwarecontainer-dependencies.sh
@@ -44,7 +44,8 @@ function install {
 # For softwarecontainer
 install libdbus-1-dev libglibmm-2.4-dev libglibmm-2.4 \
         unzip bridge-utils lcov libjansson-dev libjansson4 \
-        dbus-x11 libcap-dev libtool python3-dev
+        dbus-x11 libcap-dev libtool python3-dev \
+        seccomp libseccomp-dev
 
 apt-get remove --allow-downgrades --allow-remove-essential --allow-change-held-packages -fuy lxcfs lxc2 lxc-dev lxc-common \
         liblxc-common liblxc-dev lxc1 liblxc1 lxc-templates lxc-tests lxc-utils python3-lxc
@@ -55,6 +56,6 @@ git clone git://github.com/lxc/lxc -b lxc-3.1.0
 cd lxc
 
 ./autogen.sh
-./configure --prefix=/usr --enable-capabilities --enable-python
+./configure --prefix=/usr --enable-capabilities --enable-python --enable-apparmor --enable-seccomp
 
 make && make install