felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-11-29 12:02:38 +00:00
parent d52a7bd52a
commit 1e5d90afe8
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
19 changed files with 78 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

11
apparmor.d/groups/virt/dockerd
View file

@ -21,6 +21,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
capability kill,
capability mknod,
capability net_admin,
capability setfcap,
capability sys_admin,
capability sys_chroot,
capability sys_ptrace,
@ -60,12 +61,12 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
/{usr/,}bin/ps rPx,
/{usr/,}bin/unpigz rix,
# Docker needs full access of its containers.
# Docker needs full access of the containers it manage.
# TODO: should be in a sub profile started with pivot_root, not supported yet.
/{,**} rw,
deny /boot/{,**} rw,
deny /media/{,**} rw,
deny /mnt/{,**} rw,
/{,**} rwl,
deny /boot/{,**} rwl,
deny /media/{,**} rwl,
deny /mnt/{,**} rwl,
owner /{usr/,}lib/docker/overlay2/*/work/{,**} rw,
owner /var/lib/docker/{,**} rwk,