mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 23:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow signals from containerd to calico

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-19 17:14:32 +02:00 committed by Alex
parent 8f81a39df1
commit c03c624472
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/virt/cni-calico
View file

@ -19,6 +19,8 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal (receive) set=kill peer=containerd,
@{exec_path} mr, @{exec_path} mr,
@{exec_path}-ipam rix, @{exec_path}-ipam rix,

1
apparmor.d/groups/virt/containerd
View file

@ -37,6 +37,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
umount @{run}/netns/cni-@{uuid}, umount @{run}/netns/cni-@{uuid},
signal (receive) set=term peer=dockerd, signal (receive) set=term peer=dockerd,
signal (send) set=kill peer=cni-calico,
@{exec_path} mr, @{exec_path} mr,
/{usr/,}{s,}bin/apparmor_parser rPx, /{usr/,}{s,}bin/apparmor_parser rPx,