Alexandre Pujol
8ff5ed7a69
feat(profiles): general update.
2022-09-11 20:45:14 +01:00
Jeroen
9818daba5f
LVM and general update (#68)
* Small fixes
* General update
* Add LVM
* Various small fixes
* Add profile
* Typo
* sbin to regex
* Date and time to extends
* Read cmdline
* Remove grep duplicate
* Small fixes
* Typo
* Permissions for warning scripts
* Add net_admin for multipath
2022-09-06 21:01:17 +00:00
Alexandre Pujol
746a36bfb4
feat(profiles): add our virt-aa-helper.
2022-09-03 16:10:17 +01:00
Alexandre Pujol
769627fc25
feat(profiles): remove libvirt abstractions.
2022-09-03 16:06:31 +01:00
Alexandre Pujol
3b56d3ff0f
feat(profiles): use the new hex variable.
2022-09-03 14:43:34 +01:00
Alexandre Pujol
9d4956df0d
feat(profiles): general update.
2022-08-21 20:16:29 +01:00
Alexandre Pujol
79860f207d
feat(profiles): initial support for dockerd.
2022-08-19 21:26:17 +01:00
Jeroen Rijken
af603fbc62
Revert "tty and pts are part of abstractions/consoles"
This reverts commit 51a33f3f5e.
2022-08-19 19:25:22 +01:00
Jeroen Rijken
c680dfe7db
sort rules
2022-08-19 19:25:22 +01:00
Jeroen Rijken
099a97cb36
General update
2022-08-19 19:25:22 +01:00
Jeroen Rijken
005dec1a53
tty and pts are part of abstractions/consoles
2022-08-19 19:25:22 +01:00
Jeroen Rijken
6af5c76fb8
Add and update CNI profiles
2022-08-19 19:25:22 +01:00
Alexandre Pujol
c148aa978c
feat(profiles): general update.
2022-08-13 20:31:57 +01:00
Alexandre Pujol
2878fa6a2e
feat(profiles): general update.
2022-07-29 16:47:09 +01:00
Jeroen Rijken
58cfe9ad37
Small fixes
2022-07-29 16:41:19 +01:00
Jeroen Rijken
616753aea0
Consolidate rules
2022-07-29 16:41:19 +01:00
Jeroen Rijken
fcea04c69b
Remove complain flags
2022-07-29 16:41:19 +01:00
Jeroen Rijken
e724d835ed
Add ps to ptrace
2022-07-29 16:41:19 +01:00
Jeroen Rijken
e4d118365a
Add Kubernetes pause container
2022-07-29 16:41:19 +01:00
Jeroen Rijken
e6525e1f04
Add missing volumes
2022-07-29 16:41:19 +01:00
Jeroen Rijken
07f1db2725
Fix some typos
2022-07-29 16:41:19 +01:00
Jeroen Rijken
33da7af6e8
container updates
2022-07-29 16:41:19 +01:00
Alexandre Pujol
48c023d4bd
feat(profiles): containerd support for docker & cosmetic.
2022-07-21 20:15:02 +01:00
Jeroen Rijken
eb87e035b8
Initial containerd-shim-runc support
2022-07-21 20:05:56 +01:00
Jeroen Rijken
266d5c6dc0
Add IPV6
2022-07-21 19:46:45 +01:00
Jeroen Rijken
b404d7e4c4
Move xtables-nft to separate profile
2022-07-21 19:46:45 +01:00
Jeroen Rijken
130c562488
Allow containerd signal from k3s
2022-07-21 19:46:45 +01:00
Jeroen Rijken
61eab33cd8
Add ptrace subprofile
2022-07-21 19:46:45 +01:00
Jeroen Rijken
d6d9c943ae
Add missing permission
2022-07-21 19:46:45 +01:00
Jeroen Rijken
dca33292f7
Update ruleset for clean installation.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
a1f4dbee50
First batch of cleanups based on PR comments.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
c03c624472
Allow signals from containerd to calico
2022-07-21 19:46:45 +01:00
Jeroen Rijken
8f81a39df1
Support read AppArmor profiles
2022-07-21 19:46:45 +01:00
Jeroen Rijken
560250cf5f
Fix mode
2022-07-21 19:46:45 +01:00
Jeroen Rijken
2deb2a48a6
Fix name range.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
a3415dc42c
Typo and calico proc.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
c84455cca4
Fixes for container network creation.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
3e006e3c76
Fix for calico unable to create network namespace.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
5565217c91
Move xtables profile to child profile of k3s.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
78cfb23bff
Apply suggested fixes from PR
2022-07-21 19:46:45 +01:00
Jeroen Rijken
5af6cda328
Allow dbus messages and user database reading.
2022-07-21 19:46:45 +01:00
Jeroen Rijken
463da2a8f4
Initial support for k3s
2022-07-21 19:46:45 +01:00
Jeroen Rijken
2ec802d40d
Remove deny root
2022-07-18 19:45:04 +01:00
Jeroen Rijken
e9bcd3f820
Small fixes
2022-07-18 19:45:04 +01:00
Jeroen Rijken
70aa5fdbb2
Small fixes
2022-07-18 19:45:04 +01:00
Jeroen Rijken
5a02490082
Needed for certain containers like calico
2022-07-18 19:45:04 +01:00
Jeroen Rijken
13aee74df9
Various containerd fixes
2022-07-18 19:45:04 +01:00
Alexandre Pujol
eb6c7548f5
feat(profiles): general update.
2022-07-15 21:55:59 +01:00
Jeroen Rijken
682df516bf
Make calico part of cni
2022-07-15 21:43:08 +01:00
Jeroen Rijken
02ad72b024
Allow containerd to (u)mount cni devices, and loopback to access them.
2022-07-15 21:43:08 +01:00