Allow containerd to (u)mount cni devices, and loopback to access them.

2022-07-10 15:10:34 +02:00 · 2022-07-10 15:10:34 +02:00 · 02ad72b024
commit 02ad72b024
parent 6c8e50534b
2 changed files with 5 additions and 0 deletions
--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@ -11,6 +11,9 @@ profile cni-loopback @{exec_path} {
  include <abstractions/base>

  @{exec_path} mr,
+
+  @{run}/netns/            r,
+  @{run}/netns/cni-@{uuid} rw,
  
  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,