From 5c2b093ec515515eba1be9727d104354db06be1f Mon Sep 17 00:00:00 2001
From: Alexander Livenets
Date: Fri, 17 Apr 2020 22:54:47 +0200
Subject: [PATCH] deps/softwarecontainer-dependencies.sh: Enable apparmor and seccomp in LXC

Add `--enable-apparmor` and `--enable-seccomp` flags at LXC configuration stage AppArmor is required to allow to apply additional MAC restrictions to container described in AppArmor profile. seccomp is required to apply additional restrictions on system calls from container using seccomp syscall blacklist and whitelist.

Signed-off-by: Alexander Livenets
---
 deps/softwarecontainer-dependencies.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/deps/softwarecontainer-dependencies.sh b/deps/softwarecontainer-dependencies.sh
index 6207081..fc1717a 100755
--- a/deps/softwarecontainer-dependencies.sh
+++ b/deps/softwarecontainer-dependencies.sh
@@ -44,7 +44,8 @@ function install {
 # For softwarecontainer
 install libdbus-1-dev libglibmm-2.4-dev libglibmm-2.4 \
 unzip bridge-utils lcov libjansson-dev libjansson4 \
- dbus-x11 libcap-dev libtool python3-dev
+ dbus-x11 libcap-dev libtool python3-dev \
+ seccomp libseccomp-dev
 apt-get remove --allow-downgrades --allow-remove-essential --allow-change-held-packages -fuy lxcfs lxc2 lxc-dev lxc-common \
 liblxc-common liblxc-dev lxc1 liblxc1 lxc-templates lxc-tests lxc-utils python3-lxc
@@ -55,6 +56,6 @@ git clone git://github.com/lxc/lxc -b lxc-3.1.0
 cd lxc
 ./autogen.sh
-./configure --prefix=/usr --enable-capabilities --enable-python
+./configure --prefix=/usr --enable-capabilities --enable-python --enable-apparmor --enable-seccomp
 make && make install
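Review bot: The package list in the first hunk adds `seccomp libseccomp-dev` but nothing for AppArmor, while the second hunk passes `--enable-apparmor` to `./configure`. Unless the AppArmor development headers are installed elsewhere in the script (not visible here), that configure step will presumably abort, leaving the host without LXC after the `apt-get remove` shown in the same hunk. Adding the headers next to the seccomp ones, e.g. `seccomp libseccomp-dev libapparmor-dev`, keeps the dependency list in step with the new flags.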
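Review bot: The new `--enable-apparmor --enable-seccomp` flags on the `./configure` line in the second hunk only compile the support into LXC, and nothing in the script says that confinement still depends on runtime configuration. A comment above that line would prevent a false sense of hardening, for example `# Build-time support only: seccomp filtering applies only when the container config sets lxc.seccomp.profile, and AppArmor needs its profiles loaded on the host`. Separately, the clone shown in this hunk's header context still uses unauthenticated `git://`, so the source for this hardened build is fetched without transport integrity. Switching to `git clone https://github.com/lxc/lxc -b lxc-3.1.0` would close that gap.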