feat(profiles): remove rules promoted into the base abstraction.

2022-11-28 18:05:29 +00:00 · 2022-11-28 18:05:29 +00:00 · 9a46df81b9
commit 9a46df81b9
parent 116cb3059f
28 changed files with 0 additions and 36 deletions
--- a/apparmor.d/profiles-a-f/apparmor.systemd
+++ b/apparmor.d/profiles-a-f/apparmor.systemd
@ -38,7 +38,6 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
  @{PROC}/@{pids}/fd/ r,
  @{PROC}/@{pids}/maps r,
  @{PROC}/@{pids}/mounts r,
-  @{PROC}/filesystems r,
  @{PROC}/mounts r,

  /dev/tty rw,
--- a/apparmor.d/profiles-a-f/apparmor_parser
+++ b/apparmor.d/profiles-a-f/apparmor_parser
@ -28,7 +28,6 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
  
  owner /tmp/cri-containerd.apparmor.d[0-9]* r,

-        @{sys}/devices/system/cpu/possible r,
        @{sys}/kernel/security/apparmor/{,**} r,
  owner @{sys}/kernel/security/apparmor/.{remove,replace,load,access} rw,