Fix for calico unable to create network namespace.

2022-07-19 14:34:31 +02:00 · 2022-07-19 14:34:31 +02:00 · 3e006e3c76
commit 3e006e3c76
parent 5565217c91
4 changed files with 48 additions and 38 deletions
--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@ -10,9 +10,13 @@ include <tunables/global>
 profile cni-loopback @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>

+  network netlink raw,
+
  @{exec_path} mr,

-  @{run}/netns/            r,
+  / r,
+
+  @{run}/netns/ r,
  @{run}/netns/cni-@{uuid} rw,
  
  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,