diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2024-04-03 19:57:34 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-04-05 12:12:26 +0200 |
| commit | dc7b7f28b7328e17a49022368b6eb543ef1cc33a (patch) | |
| tree | 46dd3d6ea0fb44ef87a33d8978fe4b2ca9540058 | |
| parent | bbea2752f681d8c255779d912c9abdc8a7051b6f (diff) | |
| download | passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.tar passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.tar.gz passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.tar.bz2 passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.tar.lz passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.tar.xz passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.tar.zst passt-dc7b7f28b7328e17a49022368b6eb543ef1cc33a.zip | |
apparmor: Add mount rule with explicit, empty source in passt abstraction
For the policy to work as expected across either AppArmor commit
9d3f8c6cc05d ("parser: fix parsing of source as mount point for
propagation type flags") and commit 300889c3a4b7 ("parser: fix option
flag processing for single conditional rules"), we need one mount
rule with matching mount options as "source" (that is, without
source), and one without mount options and an explicit, empty source.
Link: https://github.com/containers/buildah/issues/5440
Link: https://bugzilla.suse.com/show_bug.cgi?id=1221840
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | contrib/apparmor/abstractions/passt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt index 6bb25e0..61ec32c 100644 --- a/contrib/apparmor/abstractions/passt +++ b/contrib/apparmor/abstractions/passt @@ -27,6 +27,7 @@ / r, # isolate_prefork(), isolation.c mount options=(rw, runbindable) /, + mount "" -> "/", mount "" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/", umount "/", |