mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-07 02:35:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add ptrace subprofile

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-21 16:03:54 +02:00 committed by Alex
parent d6d9c943ae
commit 61eab33cd8
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/virt/k3s
View file

@ -24,8 +24,7 @@ profile k3s @{exec_path} flags=(complain) {
capability sys_resource, capability sys_resource,
ptrace peer=@{profile_name}, ptrace peer=@{profile_name},
ptrace (read) peer=unconfined, ptrace (read) peer={cri-containerd.apparmor.d,k3s//xtables-nft-multi,unconfined},
ptrace (read) peer=cri-containerd.apparmor.d,
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -149,6 +148,7 @@ profile k3s @{exec_path} flags=(complain) {
@{sys}/module/apparmor/parameters/enabled r, @{sys}/module/apparmor/parameters/enabled r,
/dev/kmsg r, /dev/kmsg r,
/dev/pts/[0-9]* rw,
profile xtables-nft-multi flags=(complain) { profile xtables-nft-multi flags=(complain) {
include <abstractions/base> include <abstractions/base>