
add apparmor:

Signed-off-by: Victor Vieux <vieux@docker.com>
Victor Vieux 10 anos atrás
pai
commit
c2c5e57a8e

+ 2 - 0
daemon/container.go

@@ -77,6 +77,7 @@ type Container struct {
 
 	daemon                   *Daemon
 	MountLabel, ProcessLabel string
+	AppArmorProfile          string
 	RestartCount             int
 
 	// Maps container paths to volume paths.  The key in this is the path to which
@@ -275,6 +276,7 @@ func populateCommand(c *Container, env []string) error {
 		ProcessLabel:       c.GetProcessLabel(),
 		MountLabel:         c.GetMountLabel(),
 		LxcConfig:          lxcConfig,
+		AppArmorProfile:    c.AppArmorProfile,
 	}
 
 	return nil
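Review bot: The new `AppArmorProfile` field on `Container` has no doc comment, and as an exported field without a `json:"-"` tag it will presumably be persisted with the rest of the container state, so the profile name chosen at create time survives daemon restarts — worth stating explicitly. I would add `// AppArmorProfile is the AppArmor profile name requested via --security-opt apparmor:<name>; empty means the driver's default.` above the field, and note in the same comment which exec drivers honour it, since in this commit only the native driver reads it. Both hunks sit inside definitions (`Container` and `populateCommand`) whose bodies start and end outside the shown lines.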

+ 9 - 1
daemon/daemon.go

@@ -561,8 +561,16 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
 
 	for _, opt := range config.SecurityOpt {
 		con := strings.SplitN(opt, ":", 2)
-		if con[0] == "label" {
+		if len(con) == 1 {
+			return nil, fmt.Errorf("Invalid --security-opt: %q", opt)
+		}
+		switch con[0] {
+		case "label":
 			label_opts = append(label_opts, con[1])
+		case "apparmor":
+			container.AppArmorProfile = con[1]
+		default:
+			return nil, fmt.Errorf("Invalid --security-opt: %q", opt)
 		}
 	}
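Review bot: The added length check rejects a bare `apparmor` but still accepts `apparmor:` with an empty profile name, because `SplitN` yields two elements and `con[1]` is `""`; the native driver then skips the empty value, so an operator who believed a profile was requested gets default confinement with no error. Tightening the guard to `if len(con) != 2 || con[1] == "" {` closes that gap for both `label` and `apparmor`. The two identical `fmt.Errorf("Invalid --security-opt: %q", opt)` calls could also be folded into that single guard plus the `default` case, and the messages would read more idiomatically lowercase. `newContainer` and the `label_opts` declaration it appends to start outside this hunk.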
 

+ 1 - 0
daemon/execdriver/driver.go

@@ -116,4 +116,5 @@ type Command struct {
 	ProcessLabel       string            `json:"process_label"`
 	MountLabel         string            `json:"mount_label"`
 	LxcConfig          []string          `json:"lxc_config"`
+	AppArmorProfile    string            `json:"apparmor_profile"`
 }

+ 1 - 4
daemon/execdriver/lxc/driver.go

@@ -409,10 +409,7 @@ func rootIsShared() bool {
 }
 
 func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) {
-	var (
-		root       = path.Join(d.root, "containers", c.ID, "config.lxc")
-		label_opts []string
-	)
+	root := path.Join(d.root, "containers", c.ID, "config.lxc")
 
 	fo, err := os.Create(root)
 	if err != nil {
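Review bot: As far as this commit shows, the lxc driver never reads `c.AppArmorProfile` — only `native/create.go` does — so under the lxc exec driver a `--security-opt apparmor:<name>` request is accepted by the daemon and then silently dropped, which is the opposite of fail-closed for a confinement option. I would have `generateLXCConfig` reject it explicitly near the top, e.g. `if c.AppArmorProfile != "" { return "", fmt.Errorf("apparmor profiles are not supported by the lxc driver") }` (or the equivalent with whatever error constructor this file already imports), or document in `Command` that the field is native-driver only. `generateLXCConfig` continues beyond the end of this hunk.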

+ 4 - 0
daemon/execdriver/native/create.go

@@ -49,6 +49,10 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
 		}
 	}
 
+	if c.AppArmorProfile != "" {
+		container.AppArmorProfile = c.AppArmorProfile
+	}
+
 	if err := d.setupCgroups(container, c); err != nil {
 		return nil, err
 	}
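Review bot: The new guard copies the requested profile name into the libcontainer config but carries no comment explaining why it is conditional, and a reader cannot tell from these lines whether an unset field leaves a default profile in place or no profile at all. A short why-comment would help: `// Only override libcontainer's default AppArmor profile when one was explicitly requested via --security-opt apparmor:<name>.` Whether the named profile is actually loaded on the host is presumably checked further down the stack rather than here — if it is not, a typo would only surface at container start. `createContainer` starts and ends outside this hunk.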