Commit Graph

9 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 404d87ec69
AppArmor: add missing rules for running in userns
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-30 16:17:13 +02:00
Sebastiaan van Stijn e553a03627
AppArmor: remove rules for linkgraph.db SQLite database
Commit 0f9f99500c removed the use of SQLite for managing container links,
and commit f8119bb7a7 removed the migration tool, and SQLite dependency.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-26 17:19:21 +02:00
Aleksa Sarai 4bf7a84c96
apparmor: fix version checks to work properly
Using {{if major}}{{if minor}} doesn't work as expected when the major
version changes. In addition, this didn't support patch levels (which is
necessary in some cases when distributions ship apparmor weirdly).

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-15 20:36:07 +11:00
Thomas Sjögren 602498d1b0
add /bin/tar to apparmor profile
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-12-23 18:11:16 +01:00
Tibor Vass cd648dce3a
Merge pull request #18242 from jfrazelle/i-have-no-idea
Remove ipc rule in docker-engine apparmor profile
2015-12-11 11:23:41 +01:00
Jessica Frazelle 68c9ebdf1f
Remove ipc rule in docker-engine apparmor profile
On an Ubuntu 15.04 machine with apparmor_parser version 2.10 I get
```
Syntax Error: Unknown line found in file:
/etc/apparmor.d/docker-engine line: 26
```
when running `aa-complain /etc/apparmor.d/docker-engine`.

It's super weird because ipc is documented in the apparmor manual, but it
doesn't seem to be working at all. Tested on a few servers.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-25 11:32:00 -08:00
Stefan Berger 6079d9d6a3
Policy extensions for user namespaces and docker exec
A few additions to the policy when running with user namespaces enabled
and when running 'docker exec'.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-23 15:19:45 -08:00
Stefan Berger 02411987ff
More Rules for AppArmor
This patch addresses the following AppArmor complaints:

type=AVC msg=audit(1445537397.873:547): apparmor="ALLOWED" operation="mount"
  info="failed srcname match" error=-13 profile="/usr/bin/docker"
  name="/.pivot_root602836504/" pid=11512 comm="exe" flags="rw, rprivate"

type=AVC msg=audit(1445537265.325:502): apparmor="ALLOWED"
  operation="file_lock" profile="/usr/bin/docker"
  name="/var/lib/docker/network/files/local-kv.db" pid=9574 comm="docker"
  requested_mask="k" denied_mask="k" fsuid=0 ouid=0

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-11-05 11:06:18 -05:00
Jessica Frazelle 8cf89245f5
change default docker-engine profile to a template based on apparmor_parser version
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-10-19 16:15:18 -07:00