mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add AppArmor support to containerd

Browse Source
This commit is contained in:
Jeroen Rijken 2022-07-06 20:50:14 +02:00
parent 9ea910d1a0
commit 3d63f9e21e
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor.d/groups/virt/containerd
View File

@ -58,5 +58,11 @@ profile containerd @{exec_path} {
owner @{PROC}/@{pids}/mountinfo r, owner @{PROC}/@{pids}/mountinfo r,
@{PROC}/sys/net/core/somaxconn r, @{PROC}/sys/net/core/somaxconn r,
# AppArmor within containers
@{sys}/kernel/security/apparmor/profiles r,
@{sys}/module/apparmor/parameters/enabled r,
/tmp/cri-containerd.apparmor.d[0-9]* rwl,
/usr/sbin/apparmor_parser Px,
include if exists <local/containerd> include if exists <local/containerd>
} }