apparmor: use correct version for ptrace denial suppression

Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the incorrect version check for >=2.8, when in fact 2.8 deosn't support the required feature. Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-14 18:06:31 +11:00 · 2016-02-14 18:06:31 +11:00 · 284d9d451e
commit 284d9d451e
parent 4bf7a84c96
1 changed files with 1 additions and 1 deletions
--- a/profiles/apparmor/template.go
+++ b/profiles/apparmor/template.go
@ -38,7 +38,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
  deny /sys/firmware/efi/efivars/** rwklx,
  deny /sys/kernel/security/** rwklx,

-{{if ge .Version 208000}}
+{{if ge .Version 208095}}
  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
  ptrace (trace,read) peer=docker-default,
 {{end}}