d97a00dfd5
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com> Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information. Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com> gofmt'd Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com> change the function name to something more adequate and changed the behaviour to show empty value on an apparmor disabled system. Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com> go fmt Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
29 lines
643 B
Go
29 lines
643 B
Go
//+build !windows
|
|
|
|
package daemon
|
|
|
|
import (
|
|
"github.com/docker/docker/container"
|
|
)
|
|
|
|
func (daemon *Daemon) saveApparmorConfig(container *container.Container) error {
|
|
container.AppArmorProfile = "" //we don't care about the previous value.
|
|
|
|
if !daemon.apparmorEnabled {
|
|
return nil // if apparmor is disabled there is nothing to do here.
|
|
}
|
|
|
|
if err := parseSecurityOpt(container, container.HostConfig); err != nil {
|
|
return err
|
|
}
|
|
|
|
if !container.HostConfig.Privileged {
|
|
if container.AppArmorProfile == "" {
|
|
container.AppArmorProfile = defaultApparmorProfile
|
|
}
|
|
|
|
} else {
|
|
container.AppArmorProfile = "unconfined"
|
|
}
|
|
return nil
|
|
}
|