From 8737ed15ade65f171da607c6e53fbe5e87bb0171 Mon Sep 17 00:00:00 2001
From: Mike Beaton <mjsbeaton@gmail.com>
Date: Wed, 20 Nov 2024 13:27:49 +0000
Subject: [PATCH] Add docker-apparmor.sh

---
 docker-apparmor.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 docker-apparmor.sh

diff --git a/docker-apparmor.sh b/docker-apparmor.sh
new file mode 100644
index 0000000..252475b
--- /dev/null
+++ b/docker-apparmor.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+#
+# REF: https://github.com/docker/docs/pull/19638/files
+# REF: https://stackoverflow.com/a/20293759/795690
+#
+
+cat <<EOF > /etc/apparmor.d/$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)
+abi <abi/4.0>,
+include <tunables/global>
+
+$HOME/bin/rootlesskit flags=(unconfined) {
+userns,
+
+include if exists <local/$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)>
+}
+EOF
+
+systemctl restart apparmor.service