From 404d87ec6946aaa9c130b64c0c75514a2fcd50c0 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Thu, 26 Sep 2019 17:34:43 +0200
Subject: [PATCH] AppArmor: add missing rules for running in userns

Signed-off-by: Sebastiaan van Stijn
---
 contrib/apparmor/template.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contrib/apparmor/template.go b/contrib/apparmor/template.go
index 5cf63717ab..e6d0b6d37c 100644
--- a/contrib/apparmor/template.go
+++ b/contrib/apparmor/template.go
@@ -31,6 +31,9 @@ profile /usr/bin/docker (attach_disconnected, complain) {
  @{DOCKER_GRAPH_PATH}/** rwl,
  @{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
  @{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
+ # For user namespaces:
+ @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/boltdb.db k,
+ @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/local-kv.db k,
  # For non-root client use:
  /dev/urandom r,