Description: templates: add commented lxc.aa_profile line to configs
 Containers by default run in the lxc-container-default profile.  Leave
 a commented example in every container config we create to show how to
 run the container unconfined.
Author: Serge Hallyn <serge.hallyn@ubuntu.com>
Forwarded: no

Index: lxc-0.7.5/templates/lxc-busybox.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-busybox.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-busybox.in	2012-03-30 14:33:53.180884715 -0500
@@ -233,6 +233,8 @@
 lxc.tty = 1
 lxc.pts = 1
 lxc.rootfs = $rootfs
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
 EOF
 
 if [ -d "$rootfs/lib" ]; then
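Review bot: The added comment in the generated config says how to switch confinement off but not what is being switched off, so someone reading the container config cannot tell that the line replaces the default `lxc-container-default` AppArmor profile named in the patch description. I would write it as `# AppArmor: the container runs under lxc-container-default unless overridden.` followed by `# Uncommenting the next line removes AppArmor confinement for this container:`. The same two lines are added in the lxc-debian, lxc-fedora, lxc-lenny, lxc-opensuse, lxc-sshd, lxc-ubuntu-cloud and lxc-ubuntu hunks, and the wording applies there too. The heredoc this hunk edits begins outside the hunk.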
Index: lxc-0.7.5/templates/lxc-debian.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-debian.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-debian.in	2012-03-30 14:34:29.248886113 -0500
@@ -231,6 +231,9 @@
 ## Capabilities
 lxc.cap.drop                            = sys_admin
 
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
+
 ## Devices
 #lxc.cgroup.devices.allow               = a
 lxc.cgroup.devices.deny                 = a
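Review bot: The new lines land between the `## Capabilities` and `## Devices` sections with no heading of their own, so in the generated config they read as part of the capabilities block. This template groups settings under `## ` headings and pads each key so the `=` signs line up. Adding `## AppArmor` above the comment and writing the example as `#lxc.aa_profile                         = unconfined` would keep the section consistent with its neighbours.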
Index: lxc-0.7.5/templates/lxc-fedora.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-fedora.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-fedora.in	2012-03-30 14:34:55.504887132 -0500
@@ -237,6 +237,10 @@
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
+
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
+
 #cgroups
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
Index: lxc-0.7.5/templates/lxc-lenny.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-lenny.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-lenny.in	2012-03-30 14:35:25.124888280 -0500
@@ -182,6 +182,9 @@
 lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
Index: lxc-0.7.5/templates/lxc-opensuse.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-opensuse.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-opensuse.in	2012-03-30 14:35:45.572889075 -0500
@@ -240,6 +240,8 @@
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
 
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
Index: lxc-0.7.5/templates/lxc-sshd.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-sshd.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-sshd.in	2012-03-30 14:35:57.884889551 -0500
@@ -113,6 +113,8 @@
 lxc.utsname = $name
 lxc.pts = 1024
 lxc.rootfs = $rootfs
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
 lxc.mount.entry=/dev dev none ro,bind 0 0
 lxc.mount.entry=/lib lib none ro,bind 0 0
 lxc.mount.entry=/bin bin none ro,bind 0 0
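Review bot: Here the example sits directly above bind mounts of the host's `/dev`, `/lib` and `/bin`, and no `lxc.cap.drop` or `lxc.cgroup.devices.deny` entry is visible in the hunk, so the AppArmor profile may be carrying more of the isolation in this template than in the others. The config continues outside the hunk, so this should be confirmed against the full file. If it holds, the comment should say so for this template, e.g. `# NOTE: this container shares host /dev, /lib and /bin; keep the AppArmor profile unless everything run inside is trusted`.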
Index: lxc-0.7.5/templates/lxc-ubuntu-cloud.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-ubuntu-cloud.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-ubuntu-cloud.in	2012-03-30 14:36:18.724890360 -0500
@@ -54,6 +54,8 @@
 lxc.mount  = $path/fstab
 lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
 
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
Index: lxc-0.7.5/templates/lxc-ubuntu.in
===================================================================
--- lxc-0.7.5.orig/templates/lxc-ubuntu.in	2012-03-30 14:18:45.000000000 -0500
+++ lxc-0.7.5/templates/lxc-ubuntu.in	2012-03-30 14:36:33.028890916 -0500
@@ -305,6 +305,8 @@
 lxc.mount  = $path/fstab
 lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
 
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
