mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Needed for certain containers like calico

Browse Source
This commit is contained in:
Jeroen Rijken 2022-07-16 17:38:02 +02:00 committed by Alex
parent 13aee74df9
commit 5a02490082
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apparmor.d/groups/virt/containerd
View File

@ -17,6 +17,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
capability chown,
capability dac_read_search,
capability dac_override,
capability fsetid,
capability net_admin,
capability sys_admin,
@ -57,7 +58,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
/var/lib/cni/results/cni-loopback-@{uuid}-lo l,
/var/lib/containerd/{,**} rwk,
/var/lib/containerd/tmpmounts/containerd-mount[0-9]*/lib{64,}/** l,
/var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
/var/lib/docker/containerd/{,**} rwk,
/var/log/pods/**/[0-9]*.log w,