mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00

Docker, Inc's `containerd.io` package installs runc onto `/usr/bin/runc` rather than `/usr/sbin/runc`.

```
$ wget https://download.docker.com/linux/ubuntu/dists/noble/pool/stable/amd64/containerd.io_1.7.20-1_amd64.deb
$ dpkg -c containerd.io_1.7.20-1_amd64.deb | grep /runc
-rwxr-xr-x root/root 9806280 2024-08-08 23:20 ./usr/bin/runc
```

Similar to 9ab45d "profiles: support distributions which merge sbin into bin".

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
#
# NOTE(review): because of flags=(unconfined) below, this profile does not
# restrict runc. Do not count it as confinement when assessing how the
# container runtime is hardened.

abi <abi/4.0>,

include <tunables/global>

# Attaches to runc at /usr/bin/runc or /usr/sbin/runc. A runc binary at any
# other path does not match this attachment and will not receive the label.
profile runc /usr/{bin,sbin}/runc flags=(unconfined) {
  # Allows runc to create user namespaces. Presumably this is the reason the
  # named label is needed on systems that deny user-namespace creation to
  # unlabeled unconfined processes -- confirm against the distribution policy.
  userns,

  # Site-specific additions and overrides. See local/README for details.
  # "if exists" means a missing local/runc is not an error; rules placed in
  # that file are merged into this profile.
  include if exists <local/runc>
}