I think I'll need to work a little bit more on them to dynamically add rules only for profiles that exist on the system, even though it works even if they don't exist. Is this a proper way to fix it? I have gained all my experience with AppArmor in last 2 days.
There's a similar issue with runc (and containerd and docker) reported here https:/ /bugs.launchpad .net/ubuntu/ +source/ apparmor/ +bug/2039294
I've opened PRs with a fix upstream: /github. com/containerd/ containerd/ pull/10123 /github. com/moby/ moby/pull/ 47749
- https:/
- https:/
I think I'll need to work a little bit more on them to dynamically add rules only for profiles that exist on the system, even though it works even if they don't exist. Is this a proper way to fix it? I have gained all my experience with AppArmor in last 2 days.
For podman a similar change should be applied to the profile template defined here https:/ /github. com/containers/ common/ blob/main/ pkg/apparmor/ apparmor_ linux_template. go. I can do that later.