
[apparmor] add profile for docker container

Author: corona@mail.i2p

Signed-off-by: r4sas <r4sas@i2pmail.org>
pull/1949/merge 2.50.0
R4SAS 1 year ago
parent
commit
beffdb9fe1
Signed by: r4sas
GPG Key ID: 66F6C87B98EBCFE2
  1. 42
      contrib/apparmor/docker-i2pd

42
contrib/apparmor/docker-i2pd

@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
# _________________________________________
# / Copy this file to the right location \
# | then load with: |
# | |
# | apparmor_parser -r -W |
# | /etc/apparmor.d/docker-i2pd |
# | |
# | docker run --security-opt |
# | "apparmor=docker-i2pd" ... |
# | purplei2p/i2pd |
# | |
# \ And "aa-status" to verify it's loaded. /
# -----------------------------------------
# \ ^__^
# \ (oo)\_______
# (__)\ )\/\
# ||----w |
# || ||
#include <tunables/global>
profile docker-i2pd flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/openssl>
#include <abstractions/nameservice>
/bin/busybox ix,
/usr/local/bin/i2pd ix,
/entrypoint.sh ixr,
/i2pd_certificates/** r,
/home/i2pd/data/** rw,
/home/i2pd/data/i2pd.pid k,
deny /home/i2pd/data/i2pd.conf w,
deny /home/i2pd/data/tunnels.conf w,
deny /home/i2pd/data/tunnels.d/** w,
deny /home/i2pd/data/certificates/** w,
deny /home/i2pd/data/i2pd.log r,
}
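Review bot: The five `deny` rules at the end of the profile block the accesses but also keep them out of the log, because AppArmor does not log accesses matched by a plain `deny`. An attempt by the confined process to overwrite `i2pd.conf` or `tunnels.conf` is exactly the event an operator would want in the audit log. Consider `audit deny /home/i2pd/data/i2pd.conf w,` and the same `audit` prefix on the `tunnels.conf`, `tunnels.d/**` and `certificates/**` lines. Separately, the profile has no `network` rule of its own, so the router's socket access appears to come only from `abstractions/nameservice`. A one-line comment such as `# network access is granted via abstractions/nameservice` would make that dependency visible to whoever tightens the profile later.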