docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium
* debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
by in sync with LXC. Specifically this:
- reorganizes the rules to allow for easier comparison with other
container policy
- adds comments for many rules
- adds bare dbus rule
- adds ptrace rule to allow ptracing ourselves
- adds deny mount options=(ro, remount, silent) -> /
- allows hugetlbfs
- adds cgmanager mount
- adds /sys/fs/pstore mount
- more specific /sys/kernel/security mount options
- more specific /sys mount options
- more specific /proc/sys/kernel/* deny rules
- more specific /proc/sys/net deny rules
- more specific /sys/class deny rules
- more specific /sys/devices deny rules
- more specific /sys/fs deny rules
-- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 13:24:01 -0500