From e896a211daed7279bcbe7e0e5c26d52a2791f559 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 22 May 2024 12:56:14 -0400
Subject: [PATCH] lxd/apparmor/lxc: Fix rule syntax
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes https://github.com/lxc/incus/issues/886

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
(cherry picked from commit d2c13e3f6312f08750981a80a510530e881c4ec7)
Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
License: Apache-2.0
---
 lxd/apparmor/instance_lxc.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lxd/apparmor/instance_lxc.go b/lxd/apparmor/instance_lxc.go
index d5c9470ada81..e3765e057a47 100644
--- a/lxd/apparmor/instance_lxc.go
+++ b/lxd/apparmor/instance_lxc.go
@@ -490,14 +490,14 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
   pivot_root,
 
   # Allow modifying mount propagation
-  mount options=(rw,slave) -> **,
-  mount options=(rw,rslave) -> **,
-  mount options=(rw,shared) -> **,
-  mount options=(rw,rshared) -> **,
-  mount options=(rw,private) -> **,
-  mount options=(rw,rprivate) -> **,
-  mount options=(rw,unbindable) -> **,
-  mount options=(rw,runbindable) -> **,
+  mount options=(rw,slave) -> /**,
+  mount options=(rw,rslave) -> /**,
+  mount options=(rw,shared) -> /**,
+  mount options=(rw,rshared) -> /**,
+  mount options=(rw,private) -> /**,
+  mount options=(rw,rprivate) -> /**,
+  mount options=(rw,unbindable) -> /**,
+  mount options=(rw,runbindable) -> /**,
 
   # Allow all bind-mounts
   mount options=(rw,bind) / -> /**,