mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(profiles): docker pull need full access of the container.

Browse source
This commit is contained in:
Alexandre Pujol 2022-12-10 15:18:00 +00:00
parent ee83e1c33c
commit c453484eab
Failed to generate hash of commit
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/virt/dockerd
View file

@ -61,12 +61,9 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
/{usr/,}bin/ps rPx,
/{usr/,}bin/unpigz rix,
# Docker needs full access of the containers it manage.
# Docker needs full access of the containers it manages.
# TODO: should be in a sub profile started with pivot_root, not supported yet.
/{,**} rwl,
deny /boot/{,**} rwl,
deny /media/{,**} rwl,
deny /mnt/{,**} rwl,
owner /{usr/,}lib/docker/overlay2/*/work/{,**} rw,
owner /var/lib/docker/{,**} rwk,