From 5a024900824b68788551b994705821d4fe2b7628 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken
Date: Sat, 16 Jul 2022 17:38:02 +0200
Subject: [PATCH] Needed for certain containers like calico
---
 apparmor.d/groups/virt/containerd | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index 10738e9d..f1be9889 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -17,6 +17,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 capability chown,
 capability dac_read_search,
 capability dac_override,
+ capability fsetid,
 capability net_admin,
 capability sys_admin,
@@ -57,7 +58,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 /var/lib/cni/results/cni-loopback-@{uuid}-lo l,
 /var/lib/containerd/{,**} rwk,
- /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/lib{64,}/** l,
+ /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
 /var/lib/docker/containerd/{,**} rwk,
 /var/log/pods/**/[0-9]*.log w,
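Review bot: The added `capability fsetid,` in the first hunk has no comment saying what needs it, and the commit subject only says "certain containers like calico". fsetid lets the process keep set-user-ID and set-group-ID bits on files it modifies, presumably while unpacking image layers that ship such binaries. A line such as `# fsetid: keep setuid/setgid bits when unpacking layers (seen with calico)` above it would let a later audit decide whether the capability is still required. The profile already holds `sys_admin` and `dac_override`, so the added exposure is small. The profile body starts and ends outside the hunk.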
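Review bot: The replacement rule `/var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,` in the second hunk allows hard-link creation on every path under a temporary mount, where the old rule was confined to `lib{64,}/`. The context line `/var/lib/containerd/{,**} rwk,` already gives read, write and lock on that tree, so the widening is limited to the link permission, but the profile does not record why the narrower pattern was insufficient. If the denials behind this change came from a small set of directories, listing them in the brace alternation would keep the rule tighter. Otherwise a comment such as `# image layers may carry hard links outside lib{,64} (seen with calico)` would document the intent. The profile body starts and ends outside the hunk.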