From 305fceb4139159e0beda2af573ce01773ea713a9 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 18 Sep 2024 21:10:04 +0100
Subject: [PATCH] feat(profile): add buildx support in dockerd.
---
 apparmor.d/groups/virt/dockerd | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd
index 64bba083..9e17f678 100644
--- a/apparmor.d/groups/virt/dockerd
+++ b/apparmor.d/groups/virt/dockerd
@@ -32,15 +32,24 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
 network inet6 stream,
 network netlink raw,
+ mount /tmp/containerd-mount@{int}/,
+ mount /var/lib/docker/buildkit/**/,
 mount /var/lib/docker/overlay2/**/,
+ mount /var/lib/docker/tmp/buildkit-mount@{int}/,
 mount options=(rw, bind) -> /run/docker/netns/*,
 mount options=(rw, rbind) -> /var/lib/docker/tmp/docker-builder@{int}/,
 mount options=(rw, rprivate) -> /.pivot_root@{int}/,
 mount options=(rw, rslave) -> /,
+ remount /tmp/containerd-mount@{int10}/,
+ remount /var/lib/docker/tmp/buildkit-mount@{int10}/,
+ umount /.pivot_root@{int}/,
 umount /run/docker/netns/*,
+ umount /tmp/containerd-mount@{int}/,
+ umount /var/lib/docker/buildkit/**/,
 umount /var/lib/docker/overlay*/**/,
+ umount /var/lib/docker/tmp/buildkit-mount@{int}/,
 pivot_root oldroot=/var/lib/docker/overlay*/**/.pivot_root@{int}/ /var/lib/docker/overlay2/**/,
 pivot_root oldroot=/var/lib/docker/tmp/**/.pivot_root@{int}/ /var/lib/docker/tmp/**/,
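Review bot: The two added `remount` rules match the directory suffix with `@{int10}`, while the added `mount` and `umount` rules for the same `/tmp/containerd-mount…/` and `/var/lib/docker/tmp/buildkit-mount…/` paths use `@{int}`. If `@{int10}` is the fixed-width variant (its definition is not visible in this patch), a directory with a shorter numeric suffix could be mounted and unmounted but its remount would be denied; either use `@{int}` in all three rule families or add a comment stating that the remount suffix is always ten digits. Separately, the three added `mount` rules carry no `options=` or `fstype=` condition, unlike the `mount options=(rw, bind) -> …` rules beneath them, so they place no limit on the mount type or flags for those paths, and `/var/lib/docker/buildkit/**/` is a wide glob. Consider narrowing them with the `options=`/`fstype=` values that the AppArmor denials from a buildx run actually reported, and add a one-line comment such as `# buildx/buildkit snapshot mounts` above the new rules so the reason for the extra mount surface is recorded in the profile.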