mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profiles): add and merge some cni profiles.

Browse Source
This commit is contained in:
Alexandre Pujol 2022-07-10 14:24:09 +01:00
parent 4f7cf8d90e
commit d8449de55e
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
6 changed files with 69 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apparmor.d/groups/virt/cni-bandwidth
View File

@ -6,16 +6,19 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /opt/cni/bin/bandwidth
profile bandwidth @{exec_path} {
@{exec_path} = /{usr/,}lib/cni/bandwidth /opt/cni/bin/bandwidth
profile cni-bandwidth @{exec_path} {
include <abstractions/base>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
@{exec_path} mr,
network inet,
network netlink raw,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
include if exists <local/bandwidth>
include if exists <local/cni-bandwidth>
}

18
apparmor.d/groups/virt/cni-bridge Normal file
View File

@ -0,0 +1,18 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/cni/bridge /opt/cni/bin/bridge
profile cni-bridge @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
include if exists <local/cni-bridge>
}

18
apparmor.d/groups/virt/cni-firewall Normal file
View File

@ -0,0 +1,18 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/cni/firewall /opt/cni/bin/firewall
profile cni-firewall @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
include if exists <local/cni-firewall>
}

6
apparmor.d/groups/virt/cni-loopback
View File

@ -6,13 +6,13 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /opt/cni/bin/loopback
profile loopback @{exec_path} {
@{exec_path} = /{usr/,}lib/cni/loopback /opt/cni/bin/loopback
profile cni-loopback @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
include if exists <local/loopback>
include if exists <local/cni-loopback>
}

6
apparmor.d/groups/virt/cni-portmap
View File

@ -6,13 +6,13 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /opt/cni/bin/portmap
profile portmap @{exec_path} {
@{exec_path} = /{usr/,}lib/cni/portmap /opt/cni/bin/portmap
profile cni-portmap @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
include if exists <local/portmap>
include if exists <local/cni-portmap>
}

18
apparmor.d/groups/virt/cni-tuning Normal file
View File

@ -0,0 +1,18 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/cni/tuning /opt/cni/bin/tuning
profile cni-tuning @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
include if exists <local/cni-tuning>
}