mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
apparmor: allow readby and tracedby
Fixes audit errors such as: type=AVC msg=audit(1550236803.810:143): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3181 comm="ps" requested_mask="readby" denied_mask="readby" peer="docker-default" audit(1550236375.918:3): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=2267 comm="ps" requested_mask="tracedby" denied_mask="tracedby" peer="docker-default" Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
This commit is contained in:
parent
aac801ac75
commit
b36455258f
1 changed files with 1 additions and 1 deletions
|
@ -44,7 +44,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
|
||||||
|
|
||||||
{{if ge .Version 208095}}
|
{{if ge .Version 208095}}
|
||||||
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
|
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
|
||||||
ptrace (trace,read) peer={{.Name}},
|
ptrace (trace,read,tracedby,readby) peer={{.Name}},
|
||||||
{{end}}
|
{{end}}
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
Loading…
Reference in a new issue