apparmor: pull in variables from tunables/global
The variables that were defined at the top of the apparmor profile are best pulled in via the <tunables/global> include. Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
This commit is contained in:
Michael Brown
parent
0bcebe0347
commit
7c63627a7f
1 changed files with 1 additions and 6 deletions
|
|
@ -11,13 +11,8 @@ import (
|
|||
const DefaultProfilePath = "/etc/apparmor.d/docker"
|
||||
const DefaultProfile = `
|
||||
# AppArmor profile from lxc for containers.
|
||||
@{HOME}=@{HOMEDIRS}/*/ /root/
|
||||
@{HOMEDIRS}=/home/
|
||||
#@{HOMEDIRS}+=
|
||||
@{multiarch}=*-linux-gnu*
|
||||
@{PROC}=/proc/
|
||||
@{pid}=self
|
||||
|
||||
#include <tunables/global>
|
||||
profile docker-default flags=(attach_disconnected,mediate_deleted) {
|
||||
#include <abstractions/base>
|
||||
network,
|
||||
|
|
|
|||
Loading…
Reference in a new issue