github.com/docker/docker@v299999999.0.0-20200612211812-aaf470eca7b5+incompatible/daemon/apparmor_default.go (about) 1 // +build linux 2 3 package daemon // import "github.com/docker/docker/daemon" 4 5 import ( 6 "fmt" 7 8 aaprofile "github.com/docker/docker/profiles/apparmor" 9 "github.com/opencontainers/runc/libcontainer/apparmor" 10 ) 11 12 // Define constants for native driver 13 const ( 14 unconfinedAppArmorProfile = "unconfined" 15 defaultAppArmorProfile = "docker-default" 16 ) 17 18 func ensureDefaultAppArmorProfile() error { 19 if apparmor.IsEnabled() { 20 loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile) 21 if err != nil { 22 return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, err) 23 } 24 25 // Nothing to do. 26 if loaded { 27 return nil 28 } 29 30 // Load the profile. 31 if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil { 32 return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err) 33 } 34 } 35 36 return nil 37 }