CORRECT TEXT

CORRECT TEXT

On the Cluster worker node, enforce the prepared AppArmor profile

✑ #include<tunables/global>

✑

✑ profilenginx-deny flags=(attach_disconnected) {

✑ #include<abstractions/base>

✑

✑ file,

✑

✑ # Deny all file writes.

✑ deny/** w,

✑ }

✑ EOF’

Edit the prepared manifest file to include the AppArmor profile.

✑ apiVersion: v1

✑ kind: Pod

✑ metadata:

✑ name:apparmor-pod

✑ spec:

✑ containers:

✑ – name: apparmor-pod

✑ image: nginx

Finally, apply the manifests files and create the Pod specified on it.

Verify: Try to make a file inside the directory which is restricted.

View Answer

Answer: Send us your Feedback on this.