apparmor: Add mount rule with explicit, empty source in passt abstraction
For the policy to work as expected across either AppArmor commit 9d3f8c6cc05d ("parser: fix parsing of source as mount point for propagation type flags") and commit 300889c3a4b7 ("parser: fix option flag processing for single conditional rules"), we need one mount rule with matching mount options as "source" (that is, without source), and one without mount options and an explicit, empty source. Link: https://github.com/containers/buildah/issues/5440 Link: https://bugzilla.suse.com/show_bug.cgi?id=1221840 Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
bbea2752f6
commit
dc7b7f28b7
1 changed files with 1 additions and 0 deletions
|
@ -27,6 +27,7 @@
|
|||
|
||||
/ r, # isolate_prefork(), isolation.c
|
||||
mount options=(rw, runbindable) /,
|
||||
mount "" -> "/",
|
||||
mount "" -> "/tmp/",
|
||||
pivot_root "/tmp/" -> "/tmp/",
|
||||
umount "/",
|
||||
|
|
Loading…
Reference in a new issue