mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Typo and calico proc.

Browse Source
This commit is contained in:
Jeroen Rijken 2022-07-19 14:52:32 +02:00 committed by Alex
parent c84455cca4
commit a3415dc42c
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apparmor.d/groups/virt/cni-calico
View File

@ -34,7 +34,9 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) {
@{run}/calico/ipam.lock rwk,
@{run}/netns/cni-@{uuid} r,
/proc/sys/net/ipv4/ip_forward rw,
@{PROC}/sys/net/ipv4/ip_forward rw,
@{PROC}/sys/net/ipv4/{conf,neigh}/cali[0-9a-z]*/* rw,
@{PROC}/sys/net/ipv6/{conf,neigh}/cali[0-9a-z]*/* rw,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

2
apparmor.d/groups/virt/containerd
View File

@ -62,7 +62,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
/var/lib/cni/{,**/} w,
/var/lib/cni/results/cni-loopback-@{uuid}-lo wl,
/var/lib/cni/results/cni-loopback-[0-9a-f]*-lo wl,
/var/lib/cni/results/k8s-pod-network-[0-9a-f]*-eth0
/var/lib/cni/results/k8s-pod-network-[0-9a-f]*-eth0,
/var/lib/containerd/{,**} rwk,
/var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
/var/lib/docker/containerd/{,**} rwk,