moby/contrib/apparmor at 8b2fcddcd251e58473abf6c4949573e03f44bb96 - beenull/moby

History

Eric Windisch 8b2fcddcd2 AA: Eliminate 'file' permission Implements the policies for the remaining binaries called by the Docker engine and eliminates the giant whitelisted 'all files' permission in favor of granular whitelisting and child-specific policies. It should be possible now to remove the 'file' permission, but for the sake of keeping Docker unbroken, we'll try to gradually tighten the policy. Signed-off-by: Eric Windisch <eric@windisch.us>	2015-07-28 17:45:53 -04:00
..
docker-engine	AA: Eliminate 'file' permission	2015-07-28 17:45:53 -04:00

Eric Windisch 8b2fcddcd2 AA: Eliminate 'file' permission

Implements the policies for the remaining binaries
called by the Docker engine and eliminates the
giant whitelisted 'all files' permission in favor
of granular whitelisting and child-specific policies.

It should be possible now to remove the 'file' permission,
but for the sake of keeping Docker unbroken, we'll try
to gradually tighten the policy.

Signed-off-by: Eric Windisch <eric@windisch.us>

2015-07-28 17:45:53 -04:00

docker-engine

AA: Eliminate 'file' permission

2015-07-28 17:45:53 -04:00