From a9a9747fbe5cd4cea8d6400ee5d1247e00868b68 Mon Sep 17 00:00:00 2001
From: Mike Beaton <mjsbeaton@gmail.com>
Date: Wed, 20 Nov 2024 13:27:49 +0000
Subject: [PATCH] Add docker-apparmor.sh

---
 docker-apparmor.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 docker-apparmor.sh

diff --git a/docker-apparmor.sh b/docker-apparmor.sh
new file mode 100644
index 0000000..b490c48
--- /dev/null
+++ b/docker-apparmor.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#
+# REF: https://github.com/docker/docs/pull/19638/files
+# REF: https://stackoverflow.com/a/20293759/795690
+#
+sudo tee -a /etc/apparmor.d/$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g) > /dev/null << EOF
+abi <abi/4.0>,
+include <tunables/global>
+
+$HOME/bin/rootlesskit flags=(unconfined) {
+userns,
+
+include if exists <local/$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)>
+}
+EOF
+
+sudo systemctl restart apparmor.service