mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge profiles: runc: allow /usr/bin/runc as well as /usr/sbin/runc

Browse source 
Docker, Inc's `containerd.io` package installs runc onto `/usr/bin/runc` rather than `/usr/sbin/runc`.

```
$ wget https://download.docker.com/linux/ubuntu/dists/noble/pool/stable/amd64/containerd.io_1.7.20-1_amd64.deb
$ dpkg -c containerd.io_1.7.20-1_amd64.deb | grep /runc
-rwxr-xr-x root/root   9806280 2024-08-08 23:20 ./usr/bin/runc
```

Similar to 9ab45d "profiles: support distributions which merge sbin into bin".

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1300
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>


(cherry picked from commit a50283bad0)

2333fbcf profiles: runc: allow /usr/bin/runc as well as /usr/sbin/runc

Co-authored-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia 2024-08-14 12:31:26 +00:00
parent 1e9e52f243
commit 5dd04c3389
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
profiles/apparmor.d/runc
View file

@ -4,7 +4,7 @@
abi <abi/4.0>, abi <abi/4.0>,
include <tunables/global> include <tunables/global>
profile runc /usr/sbin/runc flags=(unconfined) { profile runc /usr/{bin,sbin}/runc flags=(unconfined) {
userns, userns,
# Site-specific additions and overrides. See local/README for details. # Site-specific additions and overrides. See local/README for details.