mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge profiles: slirp4netns: allow pivot_root

Browse source 
`pivot_root` is required for running `slirp4netns --enable-sandbox` inside LXD.
- https://github.com/rootless-containers/slirp4netns/issues/348
- https://github.com/rootless-containers/slirp4netns/blob/v1.3.1/sandbox.c#L101-L234

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1298
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2024-08-29 18:44:15 +00:00
commit cf3428f774
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
profiles/apparmor.d/slirp4netns
View file

@ -7,6 +7,10 @@ include <tunables/global>
profile slirp4netns /usr/bin/slirp4netns flags=(unconfined) {
userns,
# pivot_root is required for running `slirp4netns --enable-sandbox` inside LXD.
# https://github.com/rootless-containers/slirp4netns/issues/348
pivot_root,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/slirp4netns>
}