CORRECT TEXT
CORRECT TEXT
On the Cluster worker node, enforce the prepared AppArmor profile
✑ #include<tunables/global>
✑ profile nginx-deny flags=(attach_disconnected) {
✑ #include<abstractions/base>
✑ file,
✑ # Deny all file writes.
✑ deny/** w,
✑ }
✑ EOF’
Edit the prepared manifest file to include the AppArmor profile.
✑ apiVersion: v1
✑ kind: Pod
✑ metadata:
✑ name: apparmor-pod
✑ spec:
✑ containers:
✑ – name: apparmor-pod
✑ image: nginx
Finally, apply the manifests files and create the Pod specified on it.
Verify: Try to make a file inside the directory which is restricted.
Answer: Send us your Feedback on this.
Latest CKS Dumps Valid Version with 44 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
                             Subscribe
                            
                        
                                            
                             Login                        
                    
                        0 Comments                    
                                        
                     Inline Feedbacks                    
                    View all comments
                 
	