felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(profile): modernise fuse-overlayfs.

Browse source 
fix  #726
This commit is contained in:
Alexandre Pujol 2025-05-01 20:15:24 +02:00
parent 5edde91d44
commit 87e82b1505
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 10 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

13
apparmor.d/profiles-a-f/fuse-overlayfs
View file

@ -10,14 +10,21 @@ include <tunables/global>
profile fuse-overlayfs @{exec_path} { profile fuse-overlayfs @{exec_path} {
include <abstractions/base> include <abstractions/base>
capability sys_admin, capability chown,
capability dac_override, capability dac_override,
capability dac_read_search, capability dac_read_search,
capability chown, capability fowner,
capability setfcap,
capability setuid,
capability sys_admin,
mount fstype=fuse.* options=(rw,nodev,noatime) @{user_share_dirs}/containers/storage/overlay/**/merged/ -> **,
mount fstype=fuse.overlayfs options=(rw,nodev,noatime) fuse-overlayfs -> @{user_share_dirs}/containers/storage/overlay/**/merged/,
@{exec_path} mr, @{exec_path} mr,
mount fstype=fuse.* options=(rw,nodev,noatime) @{user_share_dirs}/containers/storage/overlay/**/merged/ -> **, @{bin}/mount rix,
@{bin}/umount rix,
owner @{user_share_dirs}/containers/storage/overlay/{,**} rwl, owner @{user_share_dirs}/containers/storage/overlay/{,**} rwl,