From 69d66f1e729aadfcf2f47aaedaf738a888e4646d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>
Date: Wed, 29 Aug 2012 09:27:53 -0700
Subject: [PATCH] Add lxc.aa_profile example to all templates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
---
 templates/lxc-busybox.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index f6e8b5a9a..581074cae 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -233,6 +233,9 @@ cat <<EOF >> $path/config
 lxc.utsname = $name
 lxc.tty = 1
 lxc.pts = 1
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 EOF
 
 if [ -d "$rootfs/lib" ]; then