github.com/0xfoo/docker@v1.8.2/docs/security/apparmor.md

AppArmor security profiles for Docker
--------------------------------------

AppArmor (Application Armor) is a security module that allows a system
administrator to associate a security profile with each program. Docker
expects to find an AppArmor policy loaded and enforced.

Container profiles are loaded automatically by Docker. A profile
for the Docker Engine itself also exists and is installed
with the official *.deb* packages. Advanced users and package
managers may find the profile for */usr/bin/docker* underneath
[contrib/apparmor](https://github.com/docker/docker/tree/master/contrib/apparmor)
in the Docker Engine source repository.


Understand the policies
------------------------

The `docker-default` profile is the default for running
containers. It is moderately protective while
providing wide application compatibility.

The system's standard `unconfined` profile inherits all
system-wide policies, applying path-based policies
intended for the host system inside of containers.
This was the default for privileged containers
prior to Docker 1.8.


Overriding the profile for a container
---------------------------------------

Users may override the AppArmor profile using the
`security-opt` option (per-container).

For example, the following explicitly specifies the default policy:

```
$ docker run --rm -it --security-opt apparmor:docker-default hello-world
```
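To confirm which profile a container actually ended up under after an override, the kernel's own label for the container's init process can be read back. The script below is an added example, not part of the Docker documentation or source; the function names `classify_label` and `check_container` are hypothetical, and it assumes the usual AppArmor label format in `/proc/<pid>/attr/current` (`docker-default (enforce)`, `unconfined`) and that it runs on the Docker host with enough privilege to read that file.

```shell
#!/bin/sh
# Added example: report the AppArmor confinement of running containers.

# classify_label LABEL
# LABEL is the content of /proc/<pid>/attr/current.
# Prints a verdict; returns 0 only for a profile in enforce mode.
classify_label() {
    label=$1
    case "$label" in
        unconfined)
            echo "FAIL unconfined"; return 1 ;;
        "")
            echo "FAIL no-label"; return 1 ;;
        *" (enforce)")
            echo "OK ${label%" (enforce)"}"; return 0 ;;
        *" (complain)")
            # complain mode logs violations but does not block them
            echo "WARN ${label%" (complain)"} complain-mode"; return 1 ;;
        *)
            echo "WARN unrecognised: $label"; return 1 ;;
    esac
}

# check_container NAME_OR_ID
# Resolves the container's init PID on the host and classifies its label.
check_container() {
    pid=$(docker inspect --format '{{.State.Pid}}' "$1") || return 2
    if ! [ "$pid" -gt 0 ] 2>/dev/null; then
        echo "FAIL not-running"; return 2
    fi
    classify_label "$(cat "/proc/$pid/attr/current" 2>/dev/null)"
}

# "sh script.sh audit" walks every running container.
if [ "${1:-}" = "audit" ]; then
    status=0
    for id in $(docker ps -q); do
        printf '%s ' "$id"
        check_container "$id" || status=1
    done
    exit "$status"
fi
```

A container started with `--security-opt apparmor:docker-default` should report `OK docker-default`; any `FAIL unconfined` line identifies a container running without a container-specific profile.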