mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-06 18:25:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

sort rules

Browse source
This commit is contained in:
Jeroen Rijken 2022-08-19 10:31:23 +02:00 committed by Alex
parent e64011c4de
commit c680dfe7db
1 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
apparmor.d/groups/virt/k3s
View file

@ -115,11 +115,6 @@ profile k3s @{exec_path} {
@{PROC}/loadavg r, @{PROC}/loadavg r,
@{PROC}/modules r, @{PROC}/modules r,
@{PROC}/sys/fs/pipe-max-size r, @{PROC}/sys/fs/pipe-max-size r,
@{PROC}/sys/net/core/somaxconn r,
@{PROC}/sys/net/ipv{4,6}/conf/all/* rw,
@{PROC}/sys/net/ipv{4,6}/conf/default/* rw,
@{PROC}/sys/net/bridge/bridge-nf-call-iptables r,
@{PROC}/sys/net/netfilter/* rw,
@{PROC}/sys/kernel/keys/* r, @{PROC}/sys/kernel/keys/* r,
@{PROC}/sys/kernel/panic rw, @{PROC}/sys/kernel/panic rw,
@{PROC}/sys/kernel/panic_on_oom rw, @{PROC}/sys/kernel/panic_on_oom rw,
@ -127,6 +122,11 @@ profile k3s @{exec_path} {
@{PROC}/sys/kernel/pid_max r, @{PROC}/sys/kernel/pid_max r,
@{PROC}/sys/kernel/osrelease r, @{PROC}/sys/kernel/osrelease r,
@{PROC}/sys/kernel/threads-max r, @{PROC}/sys/kernel/threads-max r,
@{PROC}/sys/net/core/somaxconn r,
@{PROC}/sys/net/ipv{4,6}/conf/all/* rw,
@{PROC}/sys/net/ipv{4,6}/conf/default/* rw,
@{PROC}/sys/net/bridge/bridge-nf-call-iptables r,
@{PROC}/sys/net/netfilter/* rw,
@{PROC}/sys/vm/overcommit_memory rw, @{PROC}/sys/vm/overcommit_memory rw,
@{PROC}/sys/vm/panic_on_oom r, @{PROC}/sys/vm/panic_on_oom r,
@ -139,14 +139,15 @@ profile k3s @{exec_path} {
@{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r,
@{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
@{sys}/devices/system/cpu/present{,/} r, @{sys}/devices/system/cpu/present{,/} r,
@{sys}/devices/virtual/net/cali[0-9a-f]*/{address,mtu,speed} r,
@{sys}/devices/virtual/net/vxlan.calico/{address,mtu,speed} r,
@{sys}/devices/system/node/ r, @{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node[0-9]*/ r, @{sys}/devices/system/node/node[0-9]*/ r,
@{sys}/devices/system/node/node[0-9]*/{cpumap,distance,meminfo} r, @{sys}/devices/system/node/node[0-9]*/{cpumap,distance,meminfo} r,
@{sys}/devices/system/node/node[0-9]*/hugepages/{,**} r, @{sys}/devices/system/node/node[0-9]*/hugepages/{,**} r,
@{sys}/devices/virtual/block/*/** r,
@{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/virtual/dmi/id/* r,
@{sys}/devices/virtual/net/cali[0-9a-f]*/{address,mtu,speed} r,
@{sys}/devices/virtual/net/vxlan.calico/{address,mtu,speed} r,
@{sys}/fs/cgroup/{,*,*/} r, @{sys}/fs/cgroup/{,*,*/} r,
@{sys}/fs/cgroup/cgroup.subtree_control rw, @{sys}/fs/cgroup/cgroup.subtree_control rw,