mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Needed for certain containers like calico

Browse Source
This commit is contained in:
Jeroen Rijken 2022-07-16 17:38:02 +02:00 committed by Alex
parent 13aee74df9
commit 5a02490082
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apparmor.d/groups/virt/containerd
View File

@ -17,6 +17,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
capability chown, capability chown,
capability dac_read_search, capability dac_read_search,
capability dac_override, capability dac_override,
capability fsetid,
capability net_admin, capability net_admin,
capability sys_admin, capability sys_admin,
@ -57,7 +58,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
/var/lib/cni/results/cni-loopback-@{uuid}-lo l, /var/lib/cni/results/cni-loopback-@{uuid}-lo l,
/var/lib/containerd/{,**} rwk, /var/lib/containerd/{,**} rwk,
/var/lib/containerd/tmpmounts/containerd-mount[0-9]*/lib{64,}/** l, /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
/var/lib/docker/containerd/{,**} rwk, /var/lib/docker/containerd/{,**} rwk,
/var/log/pods/**/[0-9]*.log w, /var/log/pods/**/[0-9]*.log w,