Update how to setup a policy namespace for containers

2025-03-04 08:24:42 +01:00 · 2019-05-16 21:30:32 +00:00 · 2019-05-16 21:30:32 +00:00 · b728df1280
commit b728df1280
parent 2e715c3548
1 changed files with 4 additions and 1 deletions
--- a/how-to-setup-a-policy-namespace-for-containers.md
+++ b/how-to-setup-a-policy-namespace-for-containers.md
@ -33,11 +33,14 @@ and to cleanup after the container has exited
 ```

 to add a bounding stack to the current host policy
+```
  lsm-exec -l apparmor ; aa-exec -p "&:${NS_NAME}:unconfined" -- ${CONTAINER_CMD}
+```

 to specify the host policy and setup the bounding stack
+```
  lsm-exec -l apparmor ; aa-exec -p "${HOST_PROFILE}//&:${NS_NAME}:unconfined" -- ${CONTAINER_CMD}
-
+```

 and to cleanup after the container has exited
 ```