From dc7b7f28b7328e17a49022368b6eb543ef1cc33a Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Wed, 3 Apr 2024 19:57:34 +0200 Subject: [PATCH] apparmor: Add mount rule with explicit, empty source in passt abstraction For the policy to work as expected across either AppArmor commit 9d3f8c6cc05d ("parser: fix parsing of source as mount point for propagation type flags") and commit 300889c3a4b7 ("parser: fix option flag processing for single conditional rules"), we need one mount rule with matching mount options as "source" (that is, without source), and one without mount options and an explicit, empty source. Link: https://github.com/containers/buildah/issues/5440 Link: https://bugzilla.suse.com/show_bug.cgi?id=1221840 Signed-off-by: Stefano Brivio --- contrib/apparmor/abstractions/passt | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt index 6bb25e0..61ec32c 100644 --- a/contrib/apparmor/abstractions/passt +++ b/contrib/apparmor/abstractions/passt @@ -27,6 +27,7 @@ / r, # isolate_prefork(), isolation.c mount options=(rw, runbindable) /, + mount "" -> "/", mount "" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/", umount "/",