fix(profile): minor fixes.

2025-02-03 08:45:06 +01:00 · 2024-11-13 13:31:06 +00:00 · 2024-11-13 13:31:06 +00:00 · b4bcb2f16e
commit b4bcb2f16e
parent 194d18191e
2 changed files with 6 additions and 4 deletions
--- a/apparmor.d/profiles-g-l/ip
+++ b/apparmor.d/profiles-g-l/ip
@ -20,11 +20,13 @@ profile ip @{exec_path} flags=(attach_disconnected) {

  network netlink raw,

-  mount options=(rw, rshared)                       -> @{run}/netns/,
-  mount options=(rw, rslave)                        -> /,
+  mount fstype=sysfs                                -> /sys/,
+  mount options=(rw bind)                         / -> @{run}/netns/*,
+  mount options=(rw rbind)            @{run}/netns/ -> @{run}/netns/,
  mount options=(rw, bind)                  @{att}/ ->  @{run}/netns/*,
  mount options=(rw, bind) /etc/netns/*/resolv.conf -> /etc/resolv.conf,
-  mount fstype=sysfs                                -> /sys/,
+  mount options=(rw, rshared)                       -> @{run}/netns/,
+  mount options=(rw, rslave)                        -> /,

  umount @{run}/netns/*,
  umount /sys/,
--- a/apparmor.d/profiles-s-z/sync
+++ b/apparmor.d/profiles-s-z/sync
@ -14,7 +14,7 @@ profile sync @{exec_path} {
  @{exec_path} mr,

  # All paths where sync can be used to flush all write operations on a single file to disk
-  /** rw,
+  /{,**} rw,

  include if exists <local/sync>
 }