From d2c13e3f6312f08750981a80a510530e881c4ec7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 22 May 2024 12:56:14 -0400
Subject: [PATCH] incusd/apparmor/lxc: Fix rule syntax
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #886

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
 internal/server/apparmor/instance_lxc.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/internal/server/apparmor/instance_lxc.go b/internal/server/apparmor/instance_lxc.go
index 80811944b20..4be87da7c01 100644
--- a/internal/server/apparmor/instance_lxc.go
+++ b/internal/server/apparmor/instance_lxc.go
@@ -510,14 +510,14 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
   pivot_root,
 
   # Allow modifying mount propagation
-  mount options=(rw,slave) -> **,
-  mount options=(rw,rslave) -> **,
-  mount options=(rw,shared) -> **,
-  mount options=(rw,rshared) -> **,
-  mount options=(rw,private) -> **,
-  mount options=(rw,rprivate) -> **,
-  mount options=(rw,unbindable) -> **,
-  mount options=(rw,runbindable) -> **,
+  mount options=(rw,slave) -> /**,
+  mount options=(rw,rslave) -> /**,
+  mount options=(rw,shared) -> /**,
+  mount options=(rw,rshared) -> /**,
+  mount options=(rw,private) -> /**,
+  mount options=(rw,rprivate) -> /**,
+  mount options=(rw,unbindable) -> /**,
+  mount options=(rw,runbindable) -> /**,
 
   # Allow all bind-mounts.
   mount options=(rw,bind) -> /**,