apparmor: regenerate rules

author Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Wed, 5 Jun 2024 12:38:06 +0000 (14:38 +0200)

committer Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Wed, 5 Jun 2024 13:13:13 +0000 (15:13 +0200)
author Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Wed, 5 Jun 2024 12:38:06 +0000 (14:38 +0200)
committer Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Wed, 5 Jun 2024 13:13:13 +0000 (15:13 +0200)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base

index d9e7ff0437777d07348614088bb66dec1964253a..8be986101515e116c2734bad3f7b561ace6de55f 100644 (file)
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -92,14 +92,14 @@
    deny /sys/kernel/debug/{,**} rwklx,
  
    # allow paths to be made slave, shared, private or unbindable
-  mount options=(rw,make-slave) -> /**,
-  mount options=(rw,make-rslave) -> /**,
-  mount options=(rw,make-shared) -> /**,
-  mount options=(rw,make-rshared) -> /**,
-  mount options=(rw,make-private) -> /**,
-  mount options=(rw,make-rprivate) -> /**,
-  mount options=(rw,make-unbindable) -> /**,
-  mount options=(rw,make-runbindable) -> /**,
+  mount options=(rw,make-slave) -> /{,**},
+  mount options=(rw,make-rslave) -> /{,**},
+  mount options=(rw,make-shared) -> /{,**},
+  mount options=(rw,make-rshared) -> /{,**},
+  mount options=(rw,make-private) -> /{,**},
+  mount options=(rw,make-rprivate) -> /{,**},
+  mount options=(rw,make-unbindable) -> /{,**},
+  mount options=(rw,make-runbindable) -> /{,**},
  
    # allow bind-mounts of anything except /proc, /sys and /dev
    mount options=(rw,bind) /[^spd]*{,/**},
author	Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
	Wed, 5 Jun 2024 12:38:06 +0000 (14:38 +0200)
committer	Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
	Wed, 5 Jun 2024 13:13:13 +0000 (15:13 +0200)