Skip to content
This repository was archived by the owner on Dec 13, 2018. It is now read-only.

Tighten proc and caps in apparmor policy#578

Closed
ewindisch wants to merge 1 commit intodocker-archive:masterfrom
ewindisch:apparmor-policy-1
Closed

Tighten proc and caps in apparmor policy#578
ewindisch wants to merge 1 commit intodocker-archive:masterfrom
ewindisch:apparmor-policy-1

Conversation

@ewindisch
Copy link
Copy Markdown
Contributor

@ewindisch ewindisch commented May 11, 2015

Adds denies for various paths underneath /proc,
restricts capabilities. Following this patch,
adding capabilities beyond the default set will
not be possible without also specifying an alternative
AppArmor profile.

Signed-off-by: Eric Windisch eric@windisch.us

@ewindisch
Tighten proc and caps in apparmor policy
5b0add1 
Adds denies for various paths underneath /proc,
restricts capabilities. Following this patch,
adding capabilities beyond the default set will
not be possible without also specifying an alternative
AppArmor profile.

Signed-off-by: Eric Windisch <eric@windisch.us>
@ewindisch ewindisch mentioned this pull request May 11, 2015
Closed
@ewindisch
Copy link
Copy Markdown
Contributor Author

ewindisch commented May 19, 2015

May need more granular settings for /sys...

@ewindisch ewindisch closed this May 19, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

status/0-needs-triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ewindisch @GordonTheTurtle