proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-04-30 21:34:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[aa-profile] Deny access to /proc/acpi/**

Browse Source 
Signed-off-by: Pierre-Elliott Bécue <becue@crans.org>
This commit is contained in:
Pierre-Elliott Bécue 2019-08-10 22:07:42 +02:00
parent 772900e7d2
commit ec90f35b4c
No known key found for this signature in database
GPG Key ID: 29BFA0D079290ACA
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/apparmor/abstractions/container-base.in
View File

@ -73,6 +73,7 @@
# block some other dangerous paths # block some other dangerous paths
deny @{PROC}/kcore rwklx, deny @{PROC}/kcore rwklx,
deny @{PROC}/sysrq-trigger rwklx, deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/acpi/** rwklx,
# deny writes in /sys except for /sys/fs/cgroup, also allow # deny writes in /sys except for /sys/fs/cgroup, also allow
# fusectl, securityfs and debugfs to be mounted there (read-only) # fusectl, securityfs and debugfs to be mounted there (read-only)