felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add AppArmor support to containerd

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-06 20:50:14 +02:00
parent 9ea910d1a0
commit 3d63f9e21e
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/virt/containerd
View file

@ -58,5 +58,11 @@ profile containerd @{exec_path} {
owner @{PROC}/@{pids}/mountinfo r, owner @{PROC}/@{pids}/mountinfo r,
@{PROC}/sys/net/core/somaxconn r, @{PROC}/sys/net/core/somaxconn r,
# AppArmor within containers
@{sys}/kernel/security/apparmor/profiles r,
@{sys}/module/apparmor/parameters/enabled r,
/tmp/cri-containerd.apparmor.d[0-9]* rwl,
/usr/sbin/apparmor_parser Px,
include if exists <local/containerd> include if exists <local/containerd>
} }