mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow signals from containerd to calico

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-19 17:14:32 +02:00 committed by Alex
parent 8f81a39df1
commit c03c624472
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/virt/cni-calico
View file

@ -19,6 +19,8 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) {
network inet6 stream,
network netlink raw,
signal (receive) set=kill peer=containerd,
@{exec_path} mr,
@{exec_path}-ipam rix,

1
apparmor.d/groups/virt/containerd
View file

@ -37,6 +37,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
umount @{run}/netns/cni-@{uuid},
signal (receive) set=term peer=dockerd,
signal (send) set=kill peer=cni-calico,
@{exec_path} mr,
/{usr/,}{s,}bin/apparmor_parser rPx,