mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #17273 from stefanberger/apparmor_policy_1.9
More Rules for AppArmor
This commit is contained in:
Jess Frazelle
commit
5353ccb05c
1 changed files with 4 additions and 0 deletions
|
|
@ -14,6 +14,9 @@ profile /usr/bin/docker (attach_disconnected, complain) {
|
||||||
mount -> /proc/**,
|
mount -> /proc/**,
|
||||||
mount -> /sys/**,
|
mount -> /sys/**,
|
||||||
mount -> /run/docker/netns/**,
|
mount -> /run/docker/netns/**,
|
||||||
|
mount -> /.pivot_root[0-9]*/,
|
||||||
|
|
||||||
|
/ r,
|
||||||
|
|
||||||
umount,
|
umount,
|
||||||
pivot_root,
|
pivot_root,
|
||||||
|
|
@ -29,6 +32,7 @@ profile /usr/bin/docker (attach_disconnected, complain) {
|
||||||
@{DOCKER_GRAPH_PATH}/** rwl,
|
@{DOCKER_GRAPH_PATH}/** rwl,
|
||||||
@{DOCKER_GRAPH_PATH}/linkgraph.db k,
|
@{DOCKER_GRAPH_PATH}/linkgraph.db k,
|
||||||
@{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
|
@{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
|
||||||
|
@{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
|
||||||
|
|
||||||
# For non-root client use:
|
# For non-root client use:
|
||||||
/dev/urandom r,
|
/dev/urandom r,
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue