mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Merge add keybase unconfined profile
Keybase needs to use user namespaces, hence it needs an unconfined profile when user namespaces are restricted from unconfined like other applications in MR #1123 https://gitlab.com/apparmor/apparmor/-/merge_requests/1123 In addition this serves as a handle to uniquely identify keybase instead of unconfined to peers in policy. Note that unconfined mode should be changed for default_allow when https://gitlab.com/apparmor/apparmor/-/merge_requests/1109 is merged. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1145 Approved-by: John Johansen <john@jjmx.net> Merged-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia
commit
48d475036a
1 changed files with 12 additions and 0 deletions
12
profiles/apparmor.d/keybase
Normal file
12
profiles/apparmor.d/keybase
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
# This profile allows everything and only exists to give the
|
||||
# application a name instead of having the label "unconfined"
|
||||
|
||||
abi <abi/4.0>,
|
||||
include <tunables/global>
|
||||
|
||||
profile keybase /opt/keybase/Keybase flags=(unconfined) {
|
||||
userns,
|
||||
|
||||
# Site-specific additions and overrides. See local/README for details.
|
||||
include if exists <local/keybase>
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue