Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support rootless AppArmor with sudo nerdctl apparmor load #507

Closed
AkihiroSuda opened this issue Nov 10, 2021 · 0 comments · Fixed by #508
Closed

Support rootless AppArmor with sudo nerdctl apparmor load #507

AkihiroSuda opened this issue Nov 10, 2021 · 0 comments · Fixed by #508
Labels
area/rootless Rootless mode enhancement New feature or request expert

Comments

@AkihiroSuda
Copy link
Member

AkihiroSuda commented Nov 10, 2021
edited
Loading

While we still can't load an AppArmor profile without root, running a rootless container with a pre-loaded AppArmor profile should be possible.

We will need an additional command like sudo nerdctl apparmor load.

We will have to let RootlessKit bind-mount /sys/kernel/security from the parent mount namespace. (PR #508 implements the proposal without relying on /sys/kernel/security)
@AkihiroSuda AkihiroSuda added enhancement New feature or request area/rootless Rootless mode expert labels Nov 10, 2021
@AkihiroSuda AkihiroSuda mentioned this issue Nov 10, 2021
Merged
@AkihiroSuda AkihiroSuda changed the title Support rootless AppArmor with sudo nerdctl system apparmor load Support rootless AppArmor with sudo nerdctl apparmor load Nov 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/rootless Rootless mode enhancement New feature or request expert
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

rootless: allow loading an existing AppArmor profile AkihiroSuda/nerdctl
1 participant
@AkihiroSuda