Skip to content

Commit f689d64

Browse files
my-git9my-git9
committed
[zh-cn] sync apparmor.md
Signed-off-by: xin.li <[email protected]>
1 parent d4b0776 commit f689d64

File tree

1 file changed

+20
-8
lines changed

1 file changed

+20
-8
lines changed

content/zh-cn/docs/tutorials/security/apparmor.md

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ AppArmor 是一个可选的内核模块和 Kubernetes 特性,因此请在继
7171
kubelet 会先验证主机上是否已启用 AppArmor,然后再接纳显式配置了 AppArmor 的 Pod。
7272

7373
<!--
74-
3. Container runtime supports AppArmor -- All common Kubernetes-supported container
74+
1. Container runtime supports AppArmor -- All common Kubernetes-supported container
7575
runtimes should support AppArmor, including {{< glossary_tooltip term_id="cri-o" >}} and
7676
{{< glossary_tooltip term_id="containerd" >}}. Please refer to the corresponding runtime
7777
documentation and verify that the cluster fulfills the requirements to use AppArmor.
@@ -81,7 +81,7 @@ AppArmor 是一个可选的内核模块和 Kubernetes 特性,因此请在继
8181
请参考相应的运行时文档并验证集群是否满足使用 AppArmor 的要求。
8282

8383
<!--
84-
3. Profile is loaded -- AppArmor is applied to a Pod by specifying an AppArmor profile that each
84+
1. Profile is loaded -- AppArmor is applied to a Pod by specifying an AppArmor profile that each
8585
container should be run with. If any of the specified profiles is not loaded in the
8686
kernel, the kubelet will reject the Pod. You can view which profiles are loaded on a
8787
node by checking the `/sys/kernel/security/apparmor/profiles` file. For example:
@@ -455,14 +455,26 @@ AppArmor 配置文件有 2 个字段:
455455

456456
<!--
457457
`type` _(required)_ - indicates which kind of AppArmor profile will be applied. Valid options are:
458-
- `Localhost` - a profile pre-loaded on the node (specified by `localhostProfile`).
459-
- `RuntimeDefault` - the container runtime's default profile.
460-
- `Unconfined` - no AppArmor enforcement.
458+
459+
`Localhost`
460+
: a profile pre-loaded on the node (specified by `localhostProfile`).
461+
462+
`RuntimeDefault`
463+
: the container runtime's default profile.
464+
465+
`Unconfined`
466+
: no AppArmor enforcement.
461467
-->
462468
`type` **(必需)** - 指示将应用哪种 AppArmor 配置文件。有效选项是:
463-
- `Localhost` - 节点上预加载的配置文件(由 `localhostProfile` 指定)。
464-
- `RuntimeDefault` - 容器运行时的默认配置文件。
465-
- `Unconfined` - 没有 AppArmor 强制执行。
469+
470+
`Localhost`
471+
: 节点上预加载的配置文件(由 `localhostProfile` 指定)。
472+
473+
`RuntimeDefault`
474+
: 容器运行时的默认配置文件。
475+
476+
`Unconfined`
477+
: 不强制执行 AppArmor。
466478

467479
<!--
468480
`localhostProfile` - The name of a profile loaded on the node that should be used.

0 commit comments

Comments
 (0)