diff --git a/apparmor.d/groups/virt/calico b/apparmor.d/groups/virt/calico index b68944be..ad021b21 100644 --- a/apparmor.d/groups/virt/calico +++ b/apparmor.d/groups/virt/calico @@ -6,8 +6,8 @@ abi , include -@{exec_path} = /{opt/,}{cni/,}bin/calico -profile calico @{exec_path} flags=(complain) { +@{exec_path} = /opt/cni/bin/calico +profile calico @{exec_path} { include network inet, diff --git a/apparmor.d/groups/virt/cni-bandwidth b/apparmor.d/groups/virt/cni-bandwidth index 1de4dbf4..c477581d 100644 --- a/apparmor.d/groups/virt/cni-bandwidth +++ b/apparmor.d/groups/virt/cni-bandwidth @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{opt/,}{cni/,}bin/bandwidth +@{exec_path} = /opt/cni/bin/bandwidth profile bandwidth @{exec_path} { include diff --git a/apparmor.d/groups/virt/cni-loopback b/apparmor.d/groups/virt/cni-loopback index a6ff7d6f..e1389f93 100644 --- a/apparmor.d/groups/virt/cni-loopback +++ b/apparmor.d/groups/virt/cni-loopback @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{opt/,}{cni/,}bin/loopback +@{exec_path} = /opt/cni/bin/loopback profile loopback @{exec_path} { include diff --git a/apparmor.d/groups/virt/cni-portmap b/apparmor.d/groups/virt/cni-portmap index 02e24956..8d768844 100644 --- a/apparmor.d/groups/virt/cni-portmap +++ b/apparmor.d/groups/virt/cni-portmap @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{opt/,}{cni/,}bin/portmap +@{exec_path} = /opt/cni/bin/portmap profile portmap @{exec_path} { include diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd index c44b9300..212846e7 100644 --- a/apparmor.d/groups/virt/containerd +++ b/apparmor.d/groups/virt/containerd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}bin/containerd -profile containerd @{exec_path} { +profile containerd @{exec_path} flags=(attach_disconnected) { include include include