AppArmor profile tweaks

ecs-init/apparmor/apparmor.go

@@ -21,7 +21,10 @@ const ecsAgentDefaultProfile = `
 profile ecs-agent-default flags=(attach_disconnected,mediate_deleted) {
   #include <abstractions/base>
 
-  network,
+  network inet,
+  network inet6,
+  network netlink,
+  network unix,
   capability,
   file,
   umount,
@@ -31,7 +34,7 @@ profile ecs-agent-default flags=(attach_disconnected,mediate_deleted) {
   signal (send,receive) peer=ecs-agent-default,
 
   # ECS agent requires DBUS send
-  dbus (send) bus=system,
+  dbus (send,receive) bus=system,
 
   deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
   # deny write to files not in /proc/<number>/** or /proc/sys/**