crun doesn't use apparmor stacking if confined and nnp set #1385
Comments
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 15, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 15, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 15, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 15, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 16, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Jan 17, 2024
In case crun is running under apparmor profile and no_new_privileges flag set for containers the only way apparmor allows a change of profile is when a profile is stacked on top of current profile to ensure no new permissions are gained Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Feb 1, 2024
Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Feb 2, 2024
Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Feb 2, 2024
Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Feb 2, 2024
Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer
added a commit
to idleroamer/crun
that referenced
this issue
Feb 2, 2024
Closes: containers#1385 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In case crun is confined under apparmor and no_new_privileges flag set for containers,
the only way apparmor allows a change of profile is when a profile is
stacked on top of current profile to ensure no new permissions are gainedThe text was updated successfully, but these errors were encountered: