AppArmor: add missing rules for running in userns

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
jessfraz · Sep 30, 2019 · 404d87e · 404d87e
1 parent 32c32b6
commit 404d87e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/contrib/apparmor/template.go b/contrib/apparmor/template.go
@@ -31,6 +31,9 @@ profile /usr/bin/docker (attach_disconnected, complain) {
   @{DOCKER_GRAPH_PATH}/** rwl,
   @{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
   @{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
+  # For user namespaces:
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/boltdb.db k,
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/local-kv.db k,
 
   # For non-root client use:
   /dev/urandom r,