AdminSysGNULinux

Outils pour utilisateurs

Outils du site

Piste : notes_ansible_plugins notes_gui_gnu_linux_-_bureaux_divers notes_apparmor
tech:notes_apparmor
,

Notes AppArmor

Voir :

The nscd Apparmor profile is not prepared for that and needs some additional capabilities added.

Necessary changes are:

/etc/nscd.conf
        server-user             nobody
/etc/apparmor.d/usr.sbin.nscd
          capability setgid,
          capability setuid,

After adding these lines, restart Apparmor and subsequently nscd

source : https://www.suse.com/fr-fr/support/kb/doc/?id=000017971

K3S rootless

cat <<EOF | sudo tee "/etc/apparmor.d/usr.local.bin.k3s"
abi <abi/4.0>,
include <tunables/global>
 
/usr/local/bin/k3s flags=(unconfined) {
  userns,
 
  include if exists <local/usr.local.bin.k3s>
}
EOF
 
sudo systemctl restart apparmor.service

Source : https://docs.k3s.io/advanced

tech/notes_apparmor.txt · Dernière modification : de Jean-Baptiste
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki