mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
6add80d83f
These are profiles for applications that create user namespaces, both the actual policy and unconfined profiles, like it was done in MR 1123. https://gitlab.com/apparmor/apparmor/-/merge_requests/1123 In addition this serves as a handle to uniquely identify these applications instead of unconfined to peers in policy. Note that unconfined mode should be changed for default_allow when https://gitlab.com/apparmor/apparmor/-/merge_requests/1109 is merged. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
12 lines
354 B
Text
12 lines
354 B
Text
# This profile allows everything and only exists to give the
|
|
# application a name instead of having the label "unconfined"
|
|
|
|
abi <abi/4.0>,
|
|
include <tunables/global>
|
|
|
|
profile surfshark /opt/Surfshark/surfshark flags=(unconfined) {
|
|
userns,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
include if exists <local/surfshark>
|
|
}
|