3eebf4d162
- Split these options to a separate struct, so that we can handle them in isolation. - Change some tests to use subtests, and improve coverage Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
28 lines
796 B
Go
28 lines
796 B
Go
//go:build !windows
|
|
// +build !windows
|
|
|
|
package daemon // import "github.com/docker/docker/daemon"
|
|
|
|
import (
|
|
"github.com/docker/docker/container"
|
|
"github.com/docker/docker/errdefs"
|
|
)
|
|
|
|
func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
|
|
container.AppArmorProfile = "" // we don't care about the previous value.
|
|
|
|
if !daemon.RawSysInfo().AppArmor {
|
|
return nil // if apparmor is disabled there is nothing to do here.
|
|
}
|
|
|
|
if err := parseSecurityOpt(&container.SecurityOptions, container.HostConfig); err != nil {
|
|
return errdefs.InvalidParameter(err)
|
|
}
|
|
|
|
if container.HostConfig.Privileged {
|
|
container.AppArmorProfile = unconfinedAppArmorProfile
|
|
} else if container.AppArmorProfile == "" {
|
|
container.AppArmorProfile = defaultAppArmorProfile
|
|
}
|
|
return nil
|
|
}
|