AppArmor profiles
#1
How does the AppArmor part work on the netPI? Is it one pre-configured profile that is used by all containers or is it possible to specify new profiles and use different profiles for different containers?
#2
Hello Johannes,

The AppArmor profile only covers the netPI's Web GUI, corresponding services and then of course the Docker Daemon itself. To be honest, more is not installed on netPI; all the rest comes with containers.

Docker has root rights on the system and this is why we have restricted it by an AppArmor profile. So all restrictions are automatically inherited by all containers. They will never succeed to write data to the kernel or compromise it for example. But for a proper operation and under normal conditions this is not necessary at all in my eyes.

netPI is a secured Docker host and not as open as Raspbian is for example. This circumstance prevents us from annoying questions around the kernel and what can be if ... and what is if I and da da da and all such questions. The focus is on containers and problems there can be easily localized.

Regards
Armin
"You never fail until you stop trying.", Albert Einstein (1879 - 1955)
