From 8a13d71edb7a80f7faa79270e7933044f4029555 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Sun, 10 Jul 2022 13:36:44 +0200
Subject: [PATCH] Update CNI path, set containerd to attach_disconnected,
 cleanups.

---
 apparmor.d/groups/virt/calico        | 4 ++--
 apparmor.d/groups/virt/cni-bandwidth | 2 +-
 apparmor.d/groups/virt/cni-loopback  | 2 +-
 apparmor.d/groups/virt/cni-portmap   | 2 +-
 apparmor.d/groups/virt/containerd    | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apparmor.d/groups/virt/calico b/apparmor.d/groups/virt/calico
index b68944be6..ad021b216 100644
--- a/apparmor.d/groups/virt/calico
+++ b/apparmor.d/groups/virt/calico
@@ -6,8 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{opt/,}{cni/,}bin/calico
-profile calico @{exec_path} flags=(complain) {
+@{exec_path} = /opt/cni/bin/calico
+profile calico @{exec_path} {
   include <abstractions/base>
 
   network inet,
diff --git a/apparmor.d/groups/virt/cni-bandwidth b/apparmor.d/groups/virt/cni-bandwidth
index 1de4dbf4b..c477581d1 100644
--- a/apparmor.d/groups/virt/cni-bandwidth
+++ b/apparmor.d/groups/virt/cni-bandwidth
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{opt/,}{cni/,}bin/bandwidth
+@{exec_path} = /opt/cni/bin/bandwidth
 profile bandwidth @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/virt/cni-loopback b/apparmor.d/groups/virt/cni-loopback
index a6ff7d6fc..e1389f93a 100644
--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{opt/,}{cni/,}bin/loopback
+@{exec_path} = /opt/cni/bin/loopback
 profile loopback @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/virt/cni-portmap b/apparmor.d/groups/virt/cni-portmap
index 02e24956f..8d7688441 100644
--- a/apparmor.d/groups/virt/cni-portmap
+++ b/apparmor.d/groups/virt/cni-portmap
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{opt/,}{cni/,}bin/portmap
+@{exec_path} = /opt/cni/bin/portmap
 profile portmap @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index c44b93007..212846e7d 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /{usr/,}bin/containerd
-profile containerd @{exec_path} {
+profile containerd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/ssl_certs>
   include <abstractions/nameservice-strict>