From e9bcd3f82041aff5d54876dc873539293549ff60 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken
Date: Sun, 17 Jul 2022 14:22:13 +0200
Subject: [PATCH] Small fixes
---
 apparmor.d/groups/virt/cni-calico | 1 +
 apparmor.d/groups/virt/containerd | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/apparmor.d/groups/virt/cni-calico b/apparmor.d/groups/virt/cni-calico
index fbbb304a..0f1e060e 100644
--- a/apparmor.d/groups/virt/cni-calico
+++ b/apparmor.d/groups/virt/cni-calico
@@ -24,6 +24,7 @@ profile cni-calico @{exec_path} {
 /var/log/calico/cni/ r,
 /var/log/calico/cni/cni.log rw,
+ @{run}/calico/ rw,
 @{run}/calico/ipam.lock rwk,
 @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index db5899a6..cb470771 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -98,5 +98,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 /dev/snd/by-path/ r,
 /dev/vfio/ r,
+ deny / r,
+ include if exists
 }
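Review bot: The added `@{run}/calico/ rw,` rule grants write on the directory path itself, which in AppArmor is the permission that covers creating or removing that directory, and the hunk does not say why it is needed. If another component always creates the directory before the plugin runs, `@{run}/calico/ r,` would be the tighter rule; I cannot tell from the hunk which is the case. If the write is required for first-run creation, a short comment above the rule, such as `# plugin creates the lock directory on first run`, would record that. The profile body starts before and continues after this hunk.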
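Review bot: `deny / r,` in the containerd profile is added without a comment, and an explicit deny is not equivalent to leaving the access unlisted. It takes precedence over any allow rule, including one that a site-local file pulled in by the `include if exists` line after it might add, and denials matched by it are not logged unless the rule is written `audit deny / r,`. The rule matches only the root directory itself, not paths beneath it, so it presumably exists to quiet a harmless listing of `/`. If that is the intent, a comment such as `# silence listing of the root directory, not required` would make it clear to whoever later debugs a missing log entry. The profile starts outside this hunk.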