
Merge pull request #5534 from vieux/fix_apparmor_inside_container

Fix apparmor inside container
Michael Crosby 11 years ago
parent
commit
559dc9a66a
3 changed files with 4 additions and 2 deletions
  1. 0 1
      Dockerfile
  2. 3 0
      hack/dind
  3. 1 1
      pkg/apparmor/apparmor.go

+ 0 - 1
Dockerfile

@@ -47,7 +47,6 @@ RUN	apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
 	ruby1.9.1 \
 	ruby1.9.1-dev \
 	s3cmd=1.1.0* \
-	apparmor \
 	--no-install-recommends
 
 # Get and compile LXC 0.8 (since it is the most stable)

+ 3 - 0
hack/dind

@@ -9,6 +9,9 @@
 
 # Usage: dind CMD [ARG...]
 
+# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
+export container=docker
+
 # First, make sure that cgroups are mounted correctly.
 CGROUP=/sys/fs/cgroup
 

+ 1 - 1
pkg/apparmor/apparmor.go

@@ -13,7 +13,7 @@ import (
 )
 
 func IsEnabled() bool {
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
+	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
 		buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
 		return err == nil && len(buf) > 1 && buf[0] == 'Y'
 	}
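Review bot: The added `os.Getenv("container") == ""` condition in IsEnabled treats any non-empty value as "running inside a container", so AppArmor is reported as disabled for every process whose environment carries that variable, not only the hack/dind case that exports `container=docker`. Since this silently turns off a confinement layer, the function should say so in a doc comment, for example `// IsEnabled reports whether AppArmor can be used by this process; it returns false whenever the "container" environment variable is non-empty (hack/dind sets it for Docker-in-Docker).` The variable is inherited from whatever launched the process, so the callers that skip the profile (not visible here) would presumably be the right place to log that AppArmor was bypassed for this reason. IsEnabled's body continues past the end of this hunk.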