felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update

Browse source 
* 'feat/update' of https://github.com/Jeroen0494/apparmor.d:
  signal to socket
  Add kstart, XDG KDE updates
  Plank profile
  containerd and KDE updates
This commit is contained in:
Alexandre Pujol 2023-11-29 22:20:29 +00:00
commit f06f01a36a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
8 changed files with 67 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/virt/containerd
View file

@ -42,7 +42,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
umount @{run}/netns/cni-@{uuid},
signal (receive) set=term peer={dockerd,k3s},
signal (send) set=kill peer=cni-calico,
signal (send) set=kill peer={containerd-shim-runc-v2,cni-calico},
@{exec_path} mr,
@ -91,6 +91,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
/tmp/cri-containerd.apparmor.d[0-9]* rwl,
/tmp/ctd-volume[0-9]*/{,**} rw,
@{sys}/fs/cgroup/kubepods/** r,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
@{sys}/kernel/security/apparmor/profiles r,
@{sys}/module/apparmor/parameters/enabled r,

1
apparmor.d/groups/virt/containerd-shim-runc-v2
View file

@ -23,6 +23,7 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) {
ptrace (read) peer=unconfined,
signal (send) set=kill peer=cri-containerd.apparmor.d,
signal (receive) set=kill peer=containerd,
mount -> /run/containerd/io.containerd.runtime.v2.task/k8s.io/@{hex}/rootfs/,
umount /run/containerd/io.containerd.runtime.v2.task/k8s.io/@{hex}/rootfs/,