Merge unprivileged_userns profile: Allow full file system access

Fixes https://gitlab.com/apparmor/apparmor/-/issues/505 The profile previously permitted access to `/**`, which excludes the root directory (`/`). This commit also gives `/` access, aligning with the intended behavior. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com> Closes #505 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1626 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Merged-by: John Johansen <john@jjmx.net>
2025-08-31 06:16:03 +00:00 · 2025-04-12 09:19:25 +00:00
parent 59d9d001a1 182db98c2a
commit 8138bc60d1
1 changed files with 1 additions and 1 deletions
--- a/profiles/apparmor.d/unprivileged_userns
+++ b/profiles/apparmor.d/unprivileged_userns
@@ -13,7 +13,7 @@ profile unprivileged_userns {
     allow network,
     allow signal,
     allow dbus,
-     allow file rwlkm /**,
+     allow file rwlkm /{,**},
     allow unix,
     allow mqueue,
     allow ptrace,