Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:lixy
containers-buildah-1.35.2
0001-2004-update-apparmor-1898.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-2004-update-apparmor-1898.patch of Package containers-buildah-1.35.2
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go index 667fa9f26..8db05fda6 100644 --- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go +++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go @@ -22,6 +22,10 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { # Allow signals from privileged profiles and from within the same profile signal (receive) peer=unconfined, signal (send,receive) peer={{.Name}}, + # Allow certain signals from OCI runtimes (podman, runc and crun) + signal (receive) peer={/usr/bin/,/usr/sbin/,}runc, + signal (receive) peer={/usr/bin/,/usr/sbin/,}crun*, + signal (receive) set=(int, quit, kill, term) peer={/usr/bin/,/usr/sbin/,}podman, {{end}} deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
