kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update apparmor.md

pull/4969/merge
Weibin Lin 2017-08-15 16:08:32 +08:00 committed by Zachary Corleissen
parent 4a7d977170
commit 5b95a18947
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/tutorials/clusters/apparmor.md
View File

@ -130,8 +130,8 @@ container.apparmor.security.beta.kubernetes.io/<container_name>: <profile_ref>
Where `<container_name>` is the name of the container to apply the profile to, and `<profile_ref>`
specifies the profile to apply. The `profile_ref` can be one of:
* `runtime/default` to apply the runtime's default profile.
* `localhost/<profile_name>` to apply the profile loaded on the host with the name `<profile_name>`.
* `runtime/default` to apply the runtime's default profile
* `localhost/<profile_name>` to apply the profile loaded on the host with the name `<profile_name>`
See the [API Reference](#api-reference) for the full details on the annotation and profile name formats.
@ -370,7 +370,7 @@ explicitly reject the annotations for at least 2 releases after that.
Getting AppArmor profiles specified correctly can be a tricky business. Fortunately there are some
tools to help with that:
* `aa-genprof` and `aa-logprof` generate profile rules by monitoring an application's activities and
* `aa-genprof` and `aa-logprof` generate profile rules by monitoring an application's activity and
logs, and admitting the actions it takes. Further instructions are provided by the
[AppArmor documentation](http://wiki.apparmor.net/index.php/Profiling_with_tools).
* [bane](https://github.com/jfrazelle/bane) is an AppArmor profile generator for Docker that uses a