Suppose I want to run nodejs in Docker and restrict it with AppArmor.
On host:
docker run --privileged -i -t ubuntu /bin/bash
Inside docker:
apt-get update
apt-get install nodejs
nodejs //works fine at this step
apt-get install apparmor-profiles
apt-get install apparmor-utils
Now I add a profile for nodejs into /etc/apparmor.d/usr.bin.nodejs:
include <tunables/global>
/usr/bin/nodejs {
#include <abstractions/base>
/usr/bin/nodejs mr,
network,
}
service apparmor reload
nodejs
Response: nodejs: error while loading shared libraries: libz.so.1: cannot open shared object file: Permission denied
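
A way to see which path and permission AppArmor refused under a profile like the one above (added example, not part of the original post): AppArmor writes each denial to the kernel or audit log as an apparmor="DENIED" record, and the Python below extracts those records for one profile. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines; not output from the poster's container.
SAMPLE_LOG = """\
audit: type=1400 audit(1400000000.101:21): apparmor="STATUS" operation="profile_replace" name="/usr/bin/nodejs" pid=310 comm="apparmor_parser"
audit: type=1400 audit(1400000000.202:22): apparmor="DENIED" operation="open" profile="/usr/bin/nodejs" name="/example/rootfs/lib/x86_64-linux-gnu/libz.so.1" pid=412 comm="nodejs" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1400000000.303:23): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/etc/example.conf" pid=413 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1400000000.404:24): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/nodejs" name="/example/rootfs/lib/x86_64-linux-gnu/libz.so.1" pid=412 comm="nodejs" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split one audit record into a dict of its key/value pairs."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        if key == "name" and not quoted and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            # The audit subsystem hex-encodes names with spaces or control characters.
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = quoted or bare
    return fields

def denials_for(log_text, profile):
    """Map each path denied under `profile` to the set of denied permissions."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue
        if "name" in f:
            # `name` is the path AppArmor matched against the profile's rules.
            denied[f["name"]].update(f.get("denied_mask", ""))
    return dict(denied)

def candidate_rules(denied):
    """Render denials as profile-style lines to review, not to paste blindly."""
    return [f"{path} {''.join(sorted(masks))}," for path, masks in sorted(denied.items())]

if __name__ == "__main__":
    for rule in candidate_rules(denials_for(SAMPLE_LOG, "/usr/bin/nodejs")):
        print(rule)
```

Comparing the `name` values in real records with the path patterns the profile and its abstractions allow shows which rule is missing or not matching.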