From 3d63f9e21e018082b84283f1c0c5b6c31d859299 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken
Date: Wed, 6 Jul 2022 20:50:14 +0200
Subject: [PATCH] Add AppArmor support to containerd
---
 apparmor.d/groups/virt/containerd | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index 1ae77b55..982098f3 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -57,6 +57,12 @@ profile containerd @{exec_path} {
 owner @{PROC}/@{pids}/uid_map r,
 owner @{PROC}/@{pids}/mountinfo r,
 @{PROC}/sys/net/core/somaxconn r,
+
+ # AppArmor within containers
+ @{sys}/kernel/security/apparmor/profiles r,
+ @{sys}/module/apparmor/parameters/enabled r,
+ /tmp/cri-containerd.apparmor.d[0-9]* rwl,
+ /usr/sbin/apparmor_parser Px,
 include if exists
 }
\ No newline at end of file
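Review bot: The `/tmp/cri-containerd.apparmor.d[0-9]* rwl,` rule is broader than the temp-file use it appears to serve: it has no `owner` qualifier although `/tmp` is world-writable, and `[0-9]*` matches one digit followed by any run of non-`/` characters, not a digits-only suffix. Consider `owner /tmp/cri-containerd.apparmor.d[0-9]* rw,` and keep `l` only if containerd really hard-links these files, since link permission in a shared directory is rarely needed. `Px` on `/usr/sbin/apparmor_parser` is the safer transition than an unconfined or inherited one, but it makes the exec fail unless an `apparmor_parser` profile is loaded, which deserves a one-line comment next to the rule. The `profile containerd` block starts above the hunk, so any existing rules covering these paths cannot be checked from here.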