From 2a3f75a1859db64d64eb0c78c7899cc00ac5f79b Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 9 May 2019 07:37:29 +0000 Subject: [PATCH] Update how to setup a policy namespace for containers --- how-to-setup-a-policy-namespace-for-containers.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/how-to-setup-a-policy-namespace-for-containers.md b/how-to-setup-a-policy-namespace-for-containers.md index 4eb4261..2fb06c1 100644 --- a/how-to-setup-a-policy-namespace-for-containers.md +++ b/how-to-setup-a-policy-namespace-for-containers.md @@ -213,14 +213,17 @@ if your task is unconfined by apparmor (it will be if you don't have policy on the host) and it has cap mac_admin (root). Then you can do + ``` mkdir /sys/kernel/security/apparmor/policy/namespaces/$(NS_NAME) + ``` where $(NS_NAME) is basically limited to alphanum with the first character being alpha. And unfortunately there is no way to auto reap apparmor policy namespaces so when your container dies. + ``` rmdir /sys/kernel/security/apparmor/policy/namespaces/$(NS_NAME) - + ``` ## policy
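Review bot: the new code fences wrap the two commands but keep `$(NS_NAME)`, which in a shell is command substitution (it would try to execute a program called NS_NAME), not a variable reference; since this hunk is already reformatting those lines, switch both the `mkdir` and `rmdir` lines to `${NS_NAME}` (or an explicit placeholder such as `<ns_name>`) and tag the opening fences as ```sh so the commands render as shell. The sentence introducing the `rmdir` block is also left as a fragment ("...so when your container dies."); it should say plainly that, because nothing reaps AppArmor policy namespaces automatically, whoever created the namespace on the host has to run the `rmdir` after the container exits, otherwise the namespace and the policy loaded into it stay behind.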