mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 23:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): add buildx support in dockerd.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-18 21:10:04 +01:00
parent bdac1adf8f
commit 305fceb413
Failed to generate hash of commit
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/groups/virt/dockerd
View file

@ -32,15 +32,24 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
network inet6 stream,
network netlink raw,
mount /tmp/containerd-mount@{int}/,
mount /var/lib/docker/buildkit/**/,
mount /var/lib/docker/overlay2/**/,
mount /var/lib/docker/tmp/buildkit-mount@{int}/,
mount options=(rw, bind) -> /run/docker/netns/*,
mount options=(rw, rbind) -> /var/lib/docker/tmp/docker-builder@{int}/,
mount options=(rw, rprivate) -> /.pivot_root@{int}/,
mount options=(rw, rslave) -> /,
remount /tmp/containerd-mount@{int10}/,
remount /var/lib/docker/tmp/buildkit-mount@{int10}/,
umount /.pivot_root@{int}/,
umount /run/docker/netns/*,
umount /tmp/containerd-mount@{int}/,
umount /var/lib/docker/buildkit/**/,
umount /var/lib/docker/overlay*/**/,
umount /var/lib/docker/tmp/buildkit-mount@{int}/,
pivot_root oldroot=/var/lib/docker/overlay*/**/.pivot_root@{int}/ /var/lib/docker/overlay2/**/,
pivot_root oldroot=/var/lib/docker/tmp/**/.pivot_root@{int}/ /var/lib/docker/tmp/**/,