mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

Update how to setup a policy namespace for containers

John Johansen
2019-05-09 07:37:29 +00:00
parent 735b734aa1
commit 2a3f75a185
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
how-to-setup-a-policy-namespace-for-containers.md

@@ -213,14 +213,17 @@ if your task is unconfined by apparmor (it will be if you don't
have policy on the host) and it has cap mac_admin (root). Then have policy on the host) and it has cap mac_admin (root). Then
you can do you can do
```
mkdir /sys/kernel/security/apparmor/policy/namespaces/$(NS_NAME) mkdir /sys/kernel/security/apparmor/policy/namespaces/$(NS_NAME)
```
where $(NS_NAME) is basically limited to alphanum with the first where $(NS_NAME) is basically limited to alphanum with the first
character being alpha. And unfortunately there is no way to auto character being alpha. And unfortunately there is no way to auto
reap apparmor policy namespaces so when your container dies. reap apparmor policy namespaces so when your container dies.
```
rmdir /sys/kernel/security/apparmor/policy/namespaces/$(NS_NAME) rmdir /sys/kernel/security/apparmor/policy/namespaces/$(NS_NAME)
```
## policy ## policy