felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add and update CNI profiles

Browse source
This commit is contained in:
Jeroen Rijken 2022-08-01 18:25:20 +02:00 committed by Alex
parent b1112e35a7
commit 6af5c76fb8
5 changed files with 40 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/virt/cni-xtables-nft
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/xtables-nft-multi
profile cni-xtables-nft {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
capability net_admin,
@ -30,6 +31,4 @@ profile cni-xtables-nft {
/etc/nftables.conf rw,
@{PROC}/@{pids}/net/ip_tables_names r,
/dev/pts/[0-9]* rw,
}