From 70aa5fdbb2a039625b08d305abdce52a2b04f936 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Sat, 16 Jul 2022 21:20:30 +0200
Subject: [PATCH] Small fixes
---
 apparmor.d/abstractions/disks-read | 8 ++++----
 apparmor.d/groups/virt/cni-loopback | 2 +-
 apparmor.d/groups/virt/containerd | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read
index 1399c2c4..178f9fa7 100644
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@@ -8,7 +8,7 @@
 /dev/ r,
 /dev/block/ r,
- /dev/disk/*/ r,
+ /dev/disk/{,*/} r,
 # Regular disk/partition devices
 /dev/{s,v}d[a-z]* rk,
@@ -37,14 +37,14 @@
 # LUKS/LVM (device-mapper) devices
 /dev/dm-[0-9]* rk,
- /dev/mapper/* r,
+ /dev/mapper/{,*} r,
 @{sys}/devices/virtual/block/dm-[0-9]*/ r,
 @{sys}/devices/virtual/block/dm-[0-9]*/** r,
 # ZFS devices
 /dev/zd[0-9]* rk,
- /dev/zvol/ r,
- /dev/zvol/*/ r,
+ /dev/zvol/{,*/} r,
+ /dev/*pool/ r,
 @{sys}/devices/virtual/block/zd[0-9]*/ r,
 @{sys}/devices/virtual/block/zd[0-9]*/** r,
diff --git a/apparmor.d/groups/virt/cni-loopback b/apparmor.d/groups/virt/cni-loopback
index da2cd4a0..f1e29c59 100644
--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 @{exec_path} = /{usr/,}lib/cni/loopback /opt/cni/bin/loopback
-profile cni-loopback @{exec_path} {
+profile cni-loopback @{exec_path} flags=(attach_disconnected) {
 include <abstractions/base>
 @{exec_path} mr,
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index f1be9889..db5899a6 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
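Review bot: In the second hunk of apparmor.d/abstractions/disks-read, the new `/dev/*pool/ r,` rule matches any directory directly under /dev whose name ends in "pool", so it is keyed to a naming habit rather than to ZFS itself. Presumably it targets the per-pool directories that appear beside /dev/zvol/; a pool with a different name is then not covered, and an unrelated directory with that suffix is. Every profile that includes this abstraction inherits the rule, so I would put a comment above it, for example `# ZFS per-pool directories; assumes pool names ending in "pool" (rpool, bpool, ...)`, or move the pool names into a tunable. The abstraction continues outside the hunk.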
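Review bot: The `flags=(attach_disconnected)` added to the profile line in apparmor.d/groups/virt/cni-loopback comes with no comment saying which denial made it necessary. With this flag, a path that cannot be resolved from the task's namespace root is attached to `/` and then matched by the profile's ordinary file rules, so each rule in the body covers slightly more than it reads. A line above the profile such as `# attach_disconnected: required for <path from the logged denial>` would let a later audit decide whether the flag can be dropped again. The profile body runs past the end of the hunk, so the breadth of its file rules could not be checked here.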
@@ -56,7 +56,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 /opt/containerd/{,**} rw,
- /var/lib/cni/results/cni-loopback-@{uuid}-lo l,
+ /var/lib/cni/results/cni-loopback-@{uuid}-lo wl,
 /var/lib/containerd/{,**} rwk,
 /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
 /var/lib/docker/containerd/{,**} rwk,