felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): docker: add git & init subprofile.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-28 23:33:12 +01:00
parent 7a352cb7df
commit 2e5c860f0d
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

20
apparmor.d/groups/virt/dockerd
View file

@ -28,6 +28,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
capability sys_ptrace, capability sys_ptrace,
network inet dgram, network inet dgram,
network inet raw,
network inet stream, network inet stream,
network inet6 dgram, network inet6 dgram,
network inet6 stream, network inet6 stream,
@ -64,8 +65,9 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
@{bin}/apparmor_parser rPx, @{bin}/apparmor_parser rPx,
@{bin}/containerd rPx, @{bin}/containerd rPx,
@{bin}/docker-init rix, @{bin}/docker-init rCx -> init,
@{bin}/docker-proxy rPx, @{bin}/docker-proxy rPx,
@{bin}/git rCx -> git,
@{bin}/kmod rPx, @{bin}/kmod rPx,
@{bin}/ps rPx, @{bin}/ps rPx,
@{bin}/runc rUx, @{bin}/runc rUx,
@ -123,6 +125,22 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
/dev/ r, /dev/ r,
/dev/**/ r, /dev/**/ r,
profile init flags=(attach_disconnected) {
include <abstractions/base>
@{bin}/docker-init mr,
include if exists <local/dockerd_init>
}
profile git flags=(attach_disconnected) {
include <abstractions/base>
@{bin}/git mr,
include if exists <local/dockerd_git>
}
include if exists <local/dockerd> include if exists <local/dockerd>
} }