AppArmor: add missing rules for running in userns

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 404d87ec6946aaa9c130b64c0c75514a2fcd50c0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 08420b1c958e80df9fc10c2b92e21bf88b144142
Component: engine

Author: thaJeztah

components/engine/contrib/apparmor/template.go

@@ -31,6 +31,9 @@ profile /usr/bin/docker (attach_disconnected, complain) {
   @{DOCKER_GRAPH_PATH}/** rwl,
   @{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
   @{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
+  # For user namespaces:
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/boltdb.db k,
+  @{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/network/files/local-kv.db k,
 
   # For non-root client use:
   /dev/urandom r,