You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am expecting to extend the default apparmor profile with few other custom rules.
My initial idea was that the default profile is loaded via a file based definition of the profile, so that
I can take a copy of that file, update the profile and reload it via the apparmor_parser as described in apparmor docs
for loading new profiles.
This discussion was converted from issue #8761 on July 10, 2023 04:49.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi Team,
I am expecting to extend the default apparmor profile with few other custom rules.
My initial idea was that the default profile is loaded via a file based definition of the profile, so that
I can take a copy of that file, update the profile and reload it via the apparmor_parser as described in apparmor docs
for loading new profiles.
But upon further investigation, I understood that it's loaded at realtime by Containerd runtime via a code segment in
https://github.com/containerd/containerd/blob/main/contrib/apparmor/template.go#L132C3-L132C3.
So, in this case, what possibility is there to extend on top of this?
Is this a supported feature or not ?
@crosbymichael @Random-Liu @dmcgowan
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions