mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-29 22:35:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Small fixes

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-29 09:50:36 +02:00 committed by Alex
parent 616753aea0
commit 58cfe9ad37
3 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/virt/cni-xtables-nft
View file

@ -23,6 +23,7 @@ profile cni-xtables-nft {
network netlink raw,
@{exec_path} mr,
/{usr/,}{s,}bin/xtables-legacy-multi mr,
/etc/libnl/classid r,
/etc/iptables/{,**} rw,

7
apparmor.d/groups/virt/containerd
View file

@ -48,13 +48,13 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
/{usr/,}bin/unpigz rPUx,
/{usr/,}{local/,}{s,}bin/zfs rPx,
/ r,
/opt/cni/bin/loopback rPx,
/opt/cni/bin/portmap rPx,
/opt/cni/bin/bandwidth rPx,
/opt/cni/bin/calico rPx,
/ r,
/etc/cni/ rw,
/etc/cni/{,**} r,
/etc/cni/net.d/ rw,
@ -70,8 +70,9 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
/var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
/var/lib/docker/containerd/{,**} rwk,
/var/lib/kubelet/seccomp/{,**} r,
/var/lib/security-profiles-operator/{,**} r,
/var/log/pods/**/[0-9]*.log{,*} w,
/var/lib/security-profiles-operator/{,**/*.json} r,
@{run}/calico/ w,
@{run}/containerd/{,**} rwk,

3
apparmor.d/profiles-g-l/ip
View file

@ -7,11 +7,12 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/ip
@{exec_path} = /{usr/,}{s,}bin/ip
profile ip @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
capability bpf,
capability net_admin,
capability sys_admin,
capability sys_module,