Add initial apparmor profiles #716
Conversation
|
|
There was a problem hiding this comment.
Reviewed 4 of 4 files at r1.
Reviewable status: 0 of 2 LGTMs obtained
There was a problem hiding this comment.
That would be the first and the only .rst file in our repo, without any specific reason. Could you translate it into markdown?
Also could you add some small section to https://github.com/Mirantis/virtlet/blob/master/docs/architecture.md or/and to main README.md about that?
Also take a look on https://github.com/Mirantis/virtlet/blob/master/deploy/real-cluster.md#installing-virtlet-on-a-real-cluster where we have an info that app armor needs to be disabled. It could be pointed that using these files it could be made working with Virtlet.
The last thing would be a position of this added directory. Could you move it into e.g. deploy/ ?
Reviewed 4 of 4 files at r1.
Reviewable status: 1 of 2 LGTMs obtained
apparmor/README.rst, line 5 at r1 (raw file):
====================== In order to get virtlet works on an apparmor enabled environment
I'm not fully confident about that, but maybe In order do get virtlet working in an apparmor enabled environment would be more grammatically correct?
|
@jellonek Sure will do. But I'm in doubt what actually should I describe in the architecture. Because the apparmor is not a part of the virtlet. IMO it's better to mention the apparmor in https://github.com/Mirantis/virtlet/blob/master/deploy/real-cluster.md |
|
It's probably the only place where we have an info about apparmor disabling, so yes, imo it's best place. |
There was a problem hiding this comment.
Reviewable status: 0 of 2 LGTMs obtained, and 1 stale
deploy/apparmor/README.md, line 6 at r2 (raw file):
an [apparmor](https://gitlab.com/apparmor/apparmor/wikis/home) enabled environment follow the next steps: * install these profiles into the corresponding directory (/etc/apparmor.d/ if you use Debian or its derivatives)
would be nice to mention where are the profiles before this phrase ("these" profiles). E.g. "the profiles located in this directory"
also, add cmd for installing the profiles
|
LGTM |
There was a problem hiding this comment.
Reviewed 5 of 6 files at r2, 1 of 1 files at r3.
Reviewable status: 0 of 2 LGTMs obtained, and 1 stale
There was a problem hiding this comment.
Reviewed 5 of 6 files at r2, 1 of 1 files at r3.
Reviewable status: 1 of 2 LGTMs obtained, and 1 stale
This change is