toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21,804 Commits 3 Branches 295 Tags
ddec0cfa1640501530e2e808bcc4268eb02dba97
Commit Graph

6 Commits

Author SHA1 Message Date
Thomas Sjögren
2db5ffe958 add /bin/tar to apparmor profile 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Upstream-commit: 602498d1b093e4d066e8434aa1cbc041999d44ea
Component: engine
 2015-12-23 18:11:16 +01:00
Tibor Vass
96b1d45a1b Merge pull request #18242 from jfrazelle/i-have-no-idea 
Remove ipc rule in docker-engine apparmor profile
Upstream-commit: cd648dce3adf0f15059eb848d3140d5c7b9f350f
Component: engine
 2015-12-11 11:23:41 +01:00
Jessica Frazelle
4b9793bd14 Remove ipc rule in docker-engine apparmor profile 
On a ubuntu 15.04 machine with apparmor_parser version 2.10 I get
```
Syntax Error: Unknown line found in file:
/etc/apparmor.d/docker-engine line: 26
```
when running `aa-complain /etc/apparmor.d/docker-engine`.

It's super weird because ipc is documented in the apparmor manual, but it
doesnt seem to be working at all. Tested on a few servers.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: 68c9ebdf1f4691a7d5bf5fb9f40021f977ca8f3f
Component: engine
 2015-11-25 11:32:00 -08:00
Stefan Berger
d83e223879 Policy extensions for user namespaces and docker exec 
A few additions to the policy when running with user namespaces enabled
and when running 'docker exec'.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Upstream-commit: 6079d9d6a3b63fa8d9aa7a3981c6c37cc435bccb
Component: engine
 2015-11-23 15:19:45 -08:00
Stefan Berger
60f7222f3f More Rules for AppArmor 
This patch addresses the following AppArmor complains:

type=AVC msg=audit(1445537397.873:547): apparmor="ALLOWED" operation="mount"
  info="failed srcname match" error=-13 profile="/usr/bin/docker"
  name="/.pivot_root602836504/" pid=11512 comm="exe" flags="rw, rprivate"

type=AVC msg=audit(1445537265.325:502): apparmor="ALLOWED"
  operation="file_lock" profile="/usr/bin/docker"
  name="/var/lib/docker/network/files/local-kv.db" pid=9574 comm="docker"
  requested_mask="k" denied_mask="k" fsuid=0 ouid=0

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Upstream-commit: 02411987ffc696e867ac202e79c82ac97b3ae69a
Component: engine
 2015-11-05 11:06:18 -05:00
Jessica Frazelle
d4a80fd40a change default docker-engine profile to a template based on apparmor_parser version 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: 8cf89245f5b5f9abb066f599cb69bfe0202bae5d
Component: engine
 2015-10-19 16:15:18 -07:00