mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
profiles: add unconfined balena-etcher profile
Balena Etcher runs in a degraded sandbox mode when unprivileged userns is not available. Add an unconfined profile so it's properly sandboxed. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia
parent
a5a1ecfe5c
commit
70125895f3
1 changed files with 12 additions and 0 deletions
12
profiles/apparmor.d/balena-etcher
Normal file
12
profiles/apparmor.d/balena-etcher
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
# This profile allows everything and only exists to give the
|
||||||
|
# application a name instead of having the label "unconfined"
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
profile balena-etcher /usr/lib/balena-etcher/balena-etcher flags=(unconfined) {
|
||||||
|
userns,
|
||||||
|
|
||||||
|
# Site-specific additions and overrides. See local/README for details.
|
||||||
|
include if exists <local/balena-etcher>
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue