moby/daemon/container_linux.go
ROBERTO MUÑOZ d97a00dfd5 Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information.
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>

Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information.

Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>

gofmt'd

Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>

change the function name to something more adequate and changed the behaviour to show empty value on an apparmor disabled system.

Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>

go fmt

Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
2017-01-30 16:23:23 +01:00

29 lines
643 B
Go

//+build !windows
package daemon
import (
"github.com/docker/docker/container"
)
func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
container.AppArmorProfile = "" //we don't care about the previous value.
if !daemon.apparmorEnabled {
return nil // if apparmor is disabled there is nothing to do here.
}
if err := parseSecurityOpt(container, container.HostConfig); err != nil {
return err
}
if !container.HostConfig.Privileged {
if container.AppArmorProfile == "" {
container.AppArmorProfile = defaultApparmorProfile
}
} else {
container.AppArmorProfile = "unconfined"
}
return nil
}