moby/pkg/aaparser
Aleksa Sarai dd340c52cb
apparmor: make pkg/aaparser work on read-only root
This is necessary because normally `apparmor_parser -r` will try to
create a temporary directory on the host (which is not allowed if the
host has a rootfs). However, the -K option bypasses saving things to the
cache (which avoids this issue).

  % apparmor_parser -r /tmp/docker-profile
  mkstemp: Read-only file system
  % apparmor_parser -Kr /tmp/docker-profile
  %

In addition, add extra information to the ensureDefaultAppArmorProfile
errors so that problems like this are easier to debug.

Fixes: 2f7596aaef ("apparmor: do not save profile to /etc/apparmor.d")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-05-18 00:05:13 +10:00
..
aaparser.go apparmor: make pkg/aaparser work on read-only root 2017-05-18 00:05:13 +10:00
aaparser_test.go apparmor: fix version checks to work properly 2016-02-15 20:36:07 +11:00