6 gadi atpakaļ · 5d040cbd16
--- a/daemon/apparmor_default.go
+++ b/daemon/apparmor_default.go
@@ -12,14 +12,14 @@ import (
 
				 // Define constants for native driver
			
 
				 const (
			
 
				 	unconfinedAppArmorProfile = "unconfined"
			
 
				-	defaultApparmorProfile    = "docker-default"
			
 
				+	defaultAppArmorProfile    = "docker-default"
			
 
				 )
			
 
				 
			
 
				 func ensureDefaultAppArmorProfile() error {
			
 
				 	if apparmor.IsEnabled() {
			
 
				-		loaded, err := aaprofile.IsLoaded(defaultApparmorProfile)
			
 
				+		loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
			
 
				 		if err != nil {
			
 
				-			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultApparmorProfile, err)
			
 
				+			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, err)
			
 
				 		}
			
 
				 
			
 
				 		// Nothing to do.
			
@@ -28,8 +28,8 @@ func ensureDefaultAppArmorProfile() error {
 
				 		}
			
 
				 
			
 
				 		// Load the profile.
			
 
				-		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
			
 
				-			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
			
 
				+		if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
			
 
				+			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
			
 
				 		}
			
 
				 	}
			
 
				 
			
--- a/daemon/container_linux.go
+++ b/daemon/container_linux.go
@@ -7,7 +7,7 @@ import (
 
				 	"github.com/docker/docker/errdefs"
			
 
				 )
			
 
				 
			
 
				-func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
			
 
				+func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
			
 
				 	container.AppArmorProfile = "" // we don't care about the previous value.
			
 
				 
			
 
				 	if !daemon.apparmorEnabled {
			
@@ -20,7 +20,7 @@ func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
 
				 
			
 
				 	if !container.HostConfig.Privileged {
			
 
				 		if container.AppArmorProfile == "" {
			
 
				-			container.AppArmorProfile = defaultApparmorProfile
			
 
				+			container.AppArmorProfile = defaultAppArmorProfile
			
 
				 		}
			
 
				 
			
 
				 	} else {
			
--- a/daemon/container_windows.go
+++ b/daemon/container_windows.go
@@ -4,6 +4,6 @@ import (
 
				 	"github.com/docker/docker/container"
			
 
				 )
			
 
				 
			
 
				-func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
			
 
				+func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
			
 
				 	return nil
			
 
				 }
			
--- a/daemon/daemon_linux.go
+++ b/daemon/daemon_linux.go
@@ -127,7 +127,7 @@ func shouldUnmountRoot(root string, info *mountinfo.Info) bool {
 
				 	if !strings.HasSuffix(root, info.Root) {
			
 
				 		return false
			
 
				 	}
			
 
				-	return hasMountinfoOption(info.Optional, sharedPropagationOption)
			
 
				+	return hasMountInfoOption(info.Optional, sharedPropagationOption)
			
 
				 }
			
 
				 
			
 
				 // setupResolvConf sets the appropriate resolv.conf file if not specified
			
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -1326,7 +1326,7 @@ func setupDaemonRootPropagation(cfg *config.Config) error {
 
				 		}
			
 
				 	}()
			
 
				 
			
 
				-	if hasMountinfoOption(options, sharedPropagationOption, slavePropagationOption) {
			
 
				+	if hasMountInfoOption(options, sharedPropagationOption, slavePropagationOption) {
			
 
				 		cleanupOldFile = true
			
 
				 		return nil
			
 
				 	}
			
--- a/daemon/exec_linux.go
+++ b/daemon/exec_linux.go
@@ -40,10 +40,10 @@ func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config
 
				 			// profiles. Privileged configuration of the container is inherited
			
 
				 			appArmorProfile = unconfinedAppArmorProfile
			
 
				 		} else {
			
 
				-			appArmorProfile = defaultApparmorProfile
			
 
				+			appArmorProfile = defaultAppArmorProfile
			
 
				 		}
			
 
				 
			
 
				-		if appArmorProfile == defaultApparmorProfile {
			
 
				+		if appArmorProfile == defaultAppArmorProfile {
			
 
				 			// Unattended upgrades and other fun services can unload AppArmor
			
 
				 			// profiles inadvertently. Since we cannot store our profile in
			
 
				 			// /etc/apparmor.d, nor can we practically add other ways of
			
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -135,10 +135,10 @@ func WithApparmor(c *container.Container) coci.SpecOpts {
 
				 			} else if c.HostConfig.Privileged {
			
 
				 				appArmorProfile = unconfinedAppArmorProfile
			
 
				 			} else {
			
 
				-				appArmorProfile = defaultApparmorProfile
			
 
				+				appArmorProfile = defaultAppArmorProfile
			
 
				 			}
			
 
				 
			
 
				-			if appArmorProfile == defaultApparmorProfile {
			
 
				+			if appArmorProfile == defaultAppArmorProfile {
			
 
				 				// Unattended upgrades and other fun services can unload AppArmor
			
 
				 				// profiles inadvertently. Since we cannot store our profile in
			
 
				 				// /etc/apparmor.d, nor can we practically add other ways of
			
@@ -397,9 +397,9 @@ const (
 
				 	slavePropagationOption  = "master:"
			
 
				 )
			
 
				 
			
 
				-// hasMountinfoOption checks if any of the passed any of the given option values
			
 
				+// hasMountInfoOption checks if any of the passed any of the given option values
			
 
				 // are set in the passed in option string.
			
 
				-func hasMountinfoOption(opts string, vals ...string) bool {
			
 
				+func hasMountInfoOption(opts string, vals ...string) bool {
			
 
				 	for _, opt := range strings.Split(opts, " ") {
			
 
				 		for _, val := range vals {
			
 
				 			if strings.HasPrefix(opt, val) {
			
@@ -417,7 +417,7 @@ func ensureShared(path string) error {
 
				 		return err
			
 
				 	}
			
 
				 	// Make sure source mount point is shared.
			
 
				-	if !hasMountinfoOption(optionalOpts, sharedPropagationOption) {
			
 
				+	if !hasMountInfoOption(optionalOpts, sharedPropagationOption) {
			
 
				 		return errors.Errorf("path %s is mounted on %s but it is not a shared mount", path, sourceMount)
			
 
				 	}
			
 
				 	return nil
			
@@ -430,7 +430,7 @@ func ensureSharedOrSlave(path string) error {
 
				 		return err
			
 
				 	}
			
 
				 
			
 
				-	if !hasMountinfoOption(optionalOpts, sharedPropagationOption, slavePropagationOption) {
			
 
				+	if !hasMountInfoOption(optionalOpts, sharedPropagationOption, slavePropagationOption) {
			
 
				 		return errors.Errorf("path %s is mounted on %s but it is not a shared or slave mount", path, sourceMount)
			
 
				 	}
			
 
				 	return nil
			
--- a/daemon/start.go
+++ b/daemon/start.go
@@ -164,7 +164,7 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 
				 		container.HasBeenManuallyStopped = false
			
 
				 	}
			
 
				 
			
 
				-	if err := daemon.saveApparmorConfig(container); err != nil {
			
 
				+	if err := daemon.saveAppArmorConfig(container); err != nil {
			
 
				 		return err
			
 
				 	}