Add AppArmor support to containerd

2024-11-14 23:43:56 +01:00 · 2022-07-06 20:50:14 +02:00 · 2022-07-06 20:50:14 +02:00 · 3d63f9e21e
commit 3d63f9e21e
parent 9ea910d1a0
1 changed files with 6 additions and 0 deletions
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@ -57,6 +57,12 @@ profile containerd @{exec_path} {
  owner @{PROC}/@{pids}/uid_map r,
  owner @{PROC}/@{pids}/mountinfo r,
        @{PROC}/sys/net/core/somaxconn r,
+  
+  # AppArmor within containers
+  @{sys}/kernel/security/apparmor/profiles r,
+  @{sys}/module/apparmor/parameters/enabled r,
+  /tmp/cri-containerd.apparmor.d[0-9]* rwl,
+  /usr/sbin/apparmor_parser Px,

  include if exists <local/containerd>
 }