66f14e4ae9
The current docker-default AppArmor profile intends to block write access to everything in `/proc`, except for `/proc/<pid>` and `/proc/sys/kernel/shm*`. Currently the rules block access to everything in `/proc/sys`, and do not successfully allow access to `/proc/sys/kernel/shm*`. Specifically, a path like /proc/sys/kernel/shmmax matches this part of the pattern: deny @{PROC}/{[^1-9][^0-9][^0-9][^0-9]* }/** w, /proc / s y s / kernel /shmmax This patch updates the rule so that it works as intended. Closes #39791 Signed-off-by: Phil Sphicas <phil.sphicas@att.com> |
||
---|---|---|
.. | ||
apparmor | ||
seccomp |