Commit graph

105 commits

Author SHA1 Message Date
Jeroen Rijken
dca33292f7 Update ruleset for clean installation. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
a1f4dbee50 First batch of cleanups based on PR comments. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
c03c624472 Allow signals from containerd to calico 2022-07-21 19:46:45 +01:00
Jeroen Rijken
8f81a39df1 Support read AppArmor profiles 2022-07-21 19:46:45 +01:00
Jeroen Rijken
560250cf5f Fix mode 2022-07-21 19:46:45 +01:00
Jeroen Rijken
2deb2a48a6 Fix name range. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
a3415dc42c Typo and calico proc. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
c84455cca4 Fixes for container network creation. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
3e006e3c76 Fix for calico unable to create network namespace. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
5565217c91 Move xtables profile to child profile of k3s. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
78cfb23bff Apply suggested fixes from PR 2022-07-21 19:46:45 +01:00
Jeroen Rijken
5af6cda328 Allow dbus messages and user database reading. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
463da2a8f4 Initial support for k3s 2022-07-21 19:46:45 +01:00
Jeroen Rijken
2ec802d40d Remove deny root 2022-07-18 19:45:04 +01:00
Jeroen Rijken
e9bcd3f820 Small fixes 2022-07-18 19:45:04 +01:00
Jeroen Rijken
70aa5fdbb2 Small fixes 2022-07-18 19:45:04 +01:00
Jeroen Rijken
5a02490082 Needed for certain containers like calico 2022-07-18 19:45:04 +01:00
Jeroen Rijken
13aee74df9 Various containerd fixes 2022-07-18 19:45:04 +01:00
Alexandre Pujol
eb6c7548f5 feat(profiles): general update. 2022-07-15 21:55:59 +01:00
Jeroen Rijken
682df516bf Make calico part of cni 2022-07-15 21:43:08 +01:00
Jeroen Rijken
02ad72b024 Allow containerd to (u)mount cni devices, and loopback to access them. 2022-07-15 21:43:08 +01:00
Jeroen Rijken
6c8e50534b Cleanup profile
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2022-07-15 21:43:08 +01:00
Alexandre Pujol
d8449de55e feat(profiles): add and merge some cni profiles. 2022-07-10 14:24:09 +01:00
Alex
40d8c68f22 Merge branch 'master' into feat/cni 2022-07-10 13:41:50 +01:00
Jeroen Rijken
d10f2c073c Alphabetical sorting, group common options. 2022-07-10 13:39:01 +01:00
Jeroen Rijken
59f8b893ff Cleanup profiles according to standards 2022-07-10 13:39:01 +01:00
Jeroen Rijken
3810c1668e Basic ZFS support 2022-07-10 13:39:01 +01:00
Alex
6e1e7dc32b Apply suggestions from code review 2022-07-10 12:38:11 +00:00
Jeroen Rijken
8a13d71edb Update CNI path, set containerd to attach_disconnected, cleanups. 2022-07-10 13:36:44 +02:00
Jeroen Rijken
9fb43325a3 Add headers to new policies 2022-07-10 12:49:33 +02:00
Jeroen Rijken
7524bfa343 Syntax fixes 2022-07-10 12:43:52 +02:00
Jeroen Rijken
8413f6b9e6 Allow containerd to access SSL certs for pulling container images. 2022-07-10 11:51:15 +02:00
Jeroen Rijken
edcd130432 Calico profile cleanup. 2022-07-09 20:53:21 +02:00
Jeroen Rijken
2ffa3d1339 Cleanup profiles according to standards part 1/2 2022-07-09 20:46:59 +02:00
Jeroen Rijken
3d63f9e21e Add AppArmor support to containerd 2022-07-06 20:50:14 +02:00
Jeroen Rijken
9ea910d1a0 Add CNI for containerd 2022-07-06 20:49:52 +02:00
Alexandre Pujol
f6de2fbe7a feat(profiles): general update. 2022-07-03 20:27:48 +01:00
Alexandre Pujol
e087349662 feat(profiles): define more xdg variables. 2022-06-26 17:32:12 +01:00
Alexandre Pujol
e69182e1df feat(profiles): general update. 2022-06-26 16:40:48 +01:00
Alexandre Pujol
20fd8376bd feat(profiles): Rewrite and largely restrict the libvirtd profile. 2022-06-18 22:49:32 +01:00
Alexandre Pujol
879416b062 feat(profiles): better system nss rules in nameservice-strict. 2022-06-03 19:38:34 +01:00
nobodysu
7db753f0c9 Alphanumeric systemd sessions (#47) 2022-06-01 17:54:07 +00:00
Alexandre Pujol
a59387ac9e Profile update. 2022-03-27 14:25:29 +01:00
Alexandre Pujol
20c3b0575c General profiles update. 2022-03-26 20:43:47 +00:00
Alexandre Pujol
683da55bb9 /proc/sys/kernel/random/boot_id is part of nameservice-strict. 2022-03-02 18:19:25 +00:00
Alexandre Pujol
84e2a56eb9 Profiles update. 2022-02-27 12:18:10 +00:00
Alexandre Pujol
0ee2e4f7ad New @{uuid} variable. 2022-02-22 13:14:46 +00:00
Alexandre Pujol
a2dc5b1132 Add initial cockpit profiles. 2021-10-07 14:58:54 +01:00
Alexandre Pujol
adabcd6b94 Move libvirtd profiles. 2021-09-28 21:54:57 +01:00
Alexandre Pujol
b79ffa52c6 Update profiles. 2021-09-28 21:53:50 +01:00