
Improve build flow and AppArmor rules

Open kairosci-dev opened this issue 4 months ago • 4 comments

This pull request introduces several improvements and fixes across the build system and AppArmor profile handling for containers. The most significant changes enhance the flexibility and reliability of the build process, update security profile rules, and refine the logic for determining privileged containers.

Build system improvements:

  • Refactored the Makefile to use variable-based build directories (BUILDDIR, DISTDIR), added clean and rebuild targets, and improved robustness of Meson setup and dist commands. This makes the build process more maintainable and easier to use.
  • Fixed a syntax error in meson.build related to missing types detection, ensuring proper configuration checks for struct mount_attr.

AppArmor and container privilege logic:

  • Refined the logic for determining whether a container is privileged: now, a container is only considered privileged if it has no user namespace mapping and is running as root (uid 0), making the privilege check more accurate.

kairosci-dev · Aug 16 '25 20:08
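The privilege rule stated in the PR body (privileged only when there is no user namespace mapping and the container runs as uid 0), as an added C illustration that is not lxc's own code: the function names are hypothetical, the uid_map strings are constructed samples in the /proc/<pid>/uid_map format, and the identity map "0 0 4294967295" is taken to mean "no mapping".

```c
/* Added illustration (not lxc code): decide whether a container counts as
 * privileged under the rule "no user-namespace mapping AND running as uid 0".
 * uid_map text follows /proc/<pid>/uid_map: "<inside> <outside> <count>" per
 * line; a single full-range identity line means the container is not mapped. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* True when the map is empty or is exactly the identity line 0 0 4294967295. */
bool uid_map_is_identity(const char *uid_map)
{
    unsigned long inside, outside, count;
    int lines = 0;
    const char *p = uid_map;

    while (p && *p) {
        if (*p == '\n') { p++; continue; }          /* skip blank lines */
        if (sscanf(p, "%lu %lu %lu", &inside, &outside, &count) != 3)
            return false;   /* unparsable: cannot confirm identity mapping */
        lines++;
        /* any second line, or any non-identity range, means a real mapping */
        if (lines > 1 || inside != 0 || outside != 0 || count != 4294967295UL)
            return false;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return true;
}

/* Both conditions from the PR must hold for the container to be privileged. */
bool container_is_privileged(const char *uid_map, uid_t uid)
{
    return uid == 0 && uid_map_is_identity(uid_map);
}

/* Constructed sample maps: host identity map vs. a typical 65536-id userns. */
const char HOST_MAP[]   = "         0          0 4294967295\n";
const char USERNS_MAP[] = "         0     100000      65536\n";

int main(void)
{
    printf("host map, uid 0    -> privileged=%d\n", container_is_privileged(HOST_MAP, 0));
    printf("host map, uid 1000 -> privileged=%d\n", container_is_privileged(HOST_MAP, 1000));
    printf("userns map, uid 0  -> privileged=%d\n", container_is_privileged(USERNS_MAP, 0));
    return 0;
}
```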

@stgraber When you can, can you review it?

kairosci-dev · Aug 17 '25 10:08

@mihalicyn

stgraber · Sep 04 '25 02:09

Could you take a look at it?

kairosci-dev · Nov 13 '25 19:11

I've pinged @mihalicyn again; let's see if he can give this a review.

stgraber · Nov 13 '25 20:11