From d29f72e377568204d9849d38d67a19e4476b3f0e Mon Sep 17 00:00:00 2001
From: Alexander Mikhalitsyn
Date: Wed, 5 Jun 2024 14:38:06 +0200
Subject: [PATCH] apparmor: regenerate rules
Signed-off-by: Alexander Mikhalitsyn
---
 config/apparmor/abstractions/container-base | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
index d9e7ff043..8be986101 100644
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -92,14 +92,14 @@
 deny /sys/kernel/debug/{,**} rwklx,
 # allow paths to be made slave, shared, private or unbindable
- mount options=(rw,make-slave) -> /**,
- mount options=(rw,make-rslave) -> /**,
- mount options=(rw,make-shared) -> /**,
- mount options=(rw,make-rshared) -> /**,
- mount options=(rw,make-private) -> /**,
- mount options=(rw,make-rprivate) -> /**,
- mount options=(rw,make-unbindable) -> /**,
- mount options=(rw,make-runbindable) -> /**,
+ mount options=(rw,make-slave) -> /{,**},
+ mount options=(rw,make-rslave) -> /{,**},
+ mount options=(rw,make-shared) -> /{,**},
+ mount options=(rw,make-rshared) -> /{,**},
+ mount options=(rw,make-private) -> /{,**},
+ mount options=(rw,make-rprivate) -> /{,**},
+ mount options=(rw,make-unbindable) -> /{,**},
+ mount options=(rw,make-runbindable) -> /{,**},
 # allow bind-mounts of anything except /proc, /sys and /dev
 mount options=(rw,bind) /[^spd]*{,/**},
-- 
2.47.2
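Review bot: The comment above the eight propagation rules no longer describes what they permit: with the target changed to `/{,**}` the rules also match the root mount `/` itself, which `/**` did not, and neither the comment nor the commit message says this widening is intended. I would extend the comment to `# allow paths, including the root mount itself, to be made slave, shared, private or unbindable` so that a later audit of the profile does not read the brace form as a typo. Since the subject says the rules were regenerated, the wording presumably belongs in whatever input they are generated from, which is not part of this patch. It is also worth confirming with the apparmor_parser version in use that these flag-only rules, which name no source or fstype, compile to propagation changes only and not to a broader mount permission.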