apparmor_default.go 814 B

  1. // +build linux
  2. package daemon
  3. import (
  4. "fmt"
  5. aaprofile "github.com/docker/docker/profiles/apparmor"
  6. "github.com/opencontainers/runc/libcontainer/apparmor"
  7. )
  // Constant for the native driver: defaultApparmorProfile is the name of the
  // AppArmor profile that ensureDefaultAppArmorProfile looks up and, if it is
  // not yet loaded, installs.
  const defaultApparmorProfile = "docker-default"
  // ensureDefaultAppArmorProfile makes sure the profile named by
  // defaultApparmorProfile is loaded when AppArmor is enabled.
  //
  // It returns nil in three cases: apparmor.IsEnabled() reports false, the
  // profile is already reported as loaded, or the profile was installed
  // successfully. A nil result therefore does not by itself tell the caller
  // that a profile is in place; when AppArmor is not enabled the function is a
  // no-op.
  //
  // It returns an error when the loaded-state check fails or when the install
  // fails, so with AppArmor enabled a missing profile is reported rather than
  // silently ignored.
  //
  // NOTE(review): the lookup passes only the profile name, so nothing in this
  // function compares the content of an already-loaded profile with what
  // InstallDefault would write. Confirm against aaprofile.IsLoaded whether a
  // stale or locally modified profile of the same name is accepted as-is.
  func ensureDefaultAppArmorProfile() error {
  	// Without AppArmor there is nothing to check or install.
  	if !apparmor.IsEnabled() {
  		return nil
  	}

  	alreadyLoaded, checkErr := aaprofile.IsLoaded(defaultApparmorProfile)
  	if checkErr != nil {
  		return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultApparmorProfile, checkErr)
  	}
  	if alreadyLoaded {
  		// Profile present by name; leave it untouched.
  		return nil
  	}

  	// Profile missing: install it and surface any failure to the caller.
  	installErr := aaprofile.InstallDefault(defaultApparmorProfile)
  	if installErr == nil {
  		return nil
  	}
  	return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, installErr)
  }