mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-28 21:07:56 +00:00
Code Issues Releases Wiki Activity

utils: add unprivileged_userns to aa-notify list of special profiles

Browse Source 
Both the unconfined profile and unprivileged_userns are part of the
default notify.conf, so the default fallback when no configurations are
present should also match this default.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
This commit is contained in:
Ryan Lee 2025-04-02 10:28:17 -07:00
parent 3b3dada5d9
commit 4623da695e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
utils/aa-notify
View File

@ -1013,7 +1013,8 @@ def main():
if 'userns_special_profiles' in config['']: if 'userns_special_profiles' in config['']:
userns_special_profiles = config['']['userns_special_profiles'].strip().split(',') userns_special_profiles = config['']['userns_special_profiles'].strip().split(',')
else: else:
userns_special_profiles = ['unconfined'] # By default, unconfined is the only special profile # By default, unconfined and unprivileged_userns are the special profiles
userns_special_profiles = ['unconfined', 'unprivileged_userns']
if 'ignore_denied_capability' in config['']: if 'ignore_denied_capability' in config['']:
ignore_denied_capability = config['']['ignore_denied_capability'].strip().split(',') ignore_denied_capability = config['']['ignore_denied_capability'].strip().split(',')