mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Merge utils: add unprivileged_userns to aa-notify list of special profiles

Browse Source 
Both the unconfined profile and unprivileged_userns are part of the
default notify.conf, so the default fallback when no configurations are
present should also match this default.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1609
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-04-03 19:37:08 +00:00
commit 65e2cfa4e3
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
utils/aa-notify
View File

@ -1013,7 +1013,8 @@ def main():
if 'userns_special_profiles' in config['']: if 'userns_special_profiles' in config['']:
userns_special_profiles = config['']['userns_special_profiles'].strip().split(',') userns_special_profiles = config['']['userns_special_profiles'].strip().split(',')
else: else:
userns_special_profiles = ['unconfined'] # By default, unconfined is the only special profile # By default, unconfined and unprivileged_userns are the special profiles
userns_special_profiles = ['unconfined', 'unprivileged_userns']
if 'ignore_denied_capability' in config['']: if 'ignore_denied_capability' in config['']:
ignore_denied_capability = config['']['ignore_denied_capability'].strip().split(',') ignore_denied_capability = config['']['ignore_denied_capability'].strip().split(',')