Merge pull request #2004 from NeilW/update-apparmor-1898
Update apparmor profile to support v4.0.0
openshift-merge-bot[bot] committed May 21, 2024
2 parents 30d4d4c + 1aedc12 commit b643760
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/apparmor/apparmor_linux_template.go
Expand Up @@ -21,6 +21,10 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
# Allow signals from privileged profiles and from within the same profile
signal (receive) peer=unconfined,
signal (send,receive) peer={{.Name}},
# Allow certain signals from OCI runtimes (podman, runc and crun)
signal (receive) peer={/usr/bin/,/usr/sbin/,}runc,
signal (receive) peer={/usr/bin/,/usr/sbin/,}crun*,
signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}podman,
{{end}}
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
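Review bot: the runc and crun* rules directly under the new comment carry no set= restriction, so the profile accepts every signal from those peers, while the comment says "certain signals" and only the podman rule is limited to set=(int, quit, kill, term). Either add a matching set= list to the runc and crun rules or reword the comment to state that the runtimes may send any signal and only podman is restricted. The trailing * in crun* also matches any peer profile name that starts with crun, which is wider than the runc and podman patterns; a short comment on why the glob is needed would help, or it could be dropped. A smaller point: the comment lists podman as an OCI runtime alongside runc and crun, so something like "OCI runtimes (runc, crun) and podman" would read more accurately.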

1 comment on commit b643760

@packit-as-a-service

podman-next COPR build failed. @containers/packit-build please check.
