Small fixes

2025-01-30 14:55:15 +01:00 · 2022-07-16 21:20:30 +02:00 · 2022-07-16 21:20:30 +02:00 · 70aa5fdbb2
commit 70aa5fdbb2
parent 5a02490082
3 changed files with 6 additions and 6 deletions
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@ -8,7 +8,7 @@

  /dev/ r,
  /dev/block/ r,
-  /dev/disk/*/ r,
+  /dev/disk/{,*/} r,

  # Regular disk/partition devices
  /dev/{s,v}d[a-z]* rk,
@ -37,14 +37,14 @@

  # LUKS/LVM (device-mapper) devices
  /dev/dm-[0-9]* rk,
-  /dev/mapper/* r,
+  /dev/mapper/{,*} r,
  @{sys}/devices/virtual/block/dm-[0-9]*/ r,
  @{sys}/devices/virtual/block/dm-[0-9]*/** r,

  # ZFS devices
  /dev/zd[0-9]* rk,
-  /dev/zvol/ r,
-  /dev/zvol/*/ r,
+  /dev/zvol/{,*/} r,
+  /dev/*pool/ r,
  @{sys}/devices/virtual/block/zd[0-9]*/ r,
  @{sys}/devices/virtual/block/zd[0-9]*/** r,

--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} = /{usr/,}lib/cni/loopback /opt/cni/bin/loopback
-profile cni-loopback @{exec_path} {
+profile cni-loopback @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>

  @{exec_path} mr,
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@ -56,7 +56,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {

  /opt/containerd/{,**} rw,

-  /var/lib/cni/results/cni-loopback-@{uuid}-lo l,
+  /var/lib/cni/results/cni-loopback-@{uuid}-lo wl,
  /var/lib/containerd/{,**} rwk,
  /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
  /var/lib/docker/containerd/{,**} rwk,