mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
bf5db67284
`pivot_root` is required for running `slirp4netns --enable-sandbox` inside LXD. - https://github.com/rootless-containers/slirp4netns/issues/348 - https://github.com/rootless-containers/slirp4netns/blob/v1.3.1/sandbox.c#L101-L234 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
16 lines
517 B
Text
16 lines
517 B
Text
# This profile allows everything and only exists to give the
|
|
# application a name instead of having the label "unconfined"
|
|
|
|
abi <abi/4.0>,
|
|
include <tunables/global>
|
|
|
|
profile slirp4netns /usr/bin/slirp4netns flags=(unconfined) {
|
|
userns,
|
|
|
|
# pivot_root is required for running `slirp4netns --enable-sandbox` inside LXD.
|
|
# https://github.com/rootless-containers/slirp4netns/issues/348
|
|
pivot_root,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
include if exists <local/slirp4netns>
|
|
}
|