mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
feat(abs): bwrap: add special mount rule for debian.
This commit is contained in:
parent
8fe2bf4c20
commit
08a1aba39d
@ -2,10 +2,9 @@
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
# Minimal set of rules for bwrap
|
||||
|
||||
# A minimal set of rules for sandboxed programs using bwrap.
|
||||
# A profile using this abstraction still needs to set:
|
||||
# - the attach_disconnected flag
|
||||
# - the flag: attach_disconnected
|
||||
# - bwrap execution: '@{bin}/bwrap rix,'
|
||||
|
||||
# userns,
|
||||
@ -31,6 +30,9 @@
|
||||
umount /,
|
||||
umount /oldroot/,
|
||||
|
||||
#aa:only debian whonix
|
||||
mount -> /newroot/{,**}, # Debian does not support the remount rule.
|
||||
|
||||
pivot_root oldroot=/newroot/ /newroot/,
|
||||
pivot_root oldroot=/tmp/oldroot/ /tmp/,
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user