github.com/docker/docker@v299999999.0.0-20200612211812-aaf470eca7b5+incompatible/daemon/apparmor_default.go

github.com/docker/docker@v299999999.0.0-20200612211812-aaf470eca7b5+incompatible/daemon/apparmor_default.go (about)

     1  // +build linux
     2  
     3  package daemon // import "github.com/docker/docker/daemon"
     4  
     5  import (
     6  	"fmt"
     7  
     8  	aaprofile "github.com/docker/docker/profiles/apparmor"
     9  	"github.com/opencontainers/runc/libcontainer/apparmor"
    10  )
    11  
    12  // Define constants for native driver
    13  const (
    14  	unconfinedAppArmorProfile = "unconfined"
    15  	defaultAppArmorProfile    = "docker-default"
    16  )
    17  
    18  func ensureDefaultAppArmorProfile() error {
    19  	if apparmor.IsEnabled() {
    20  		loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
    21  		if err != nil {
    22  			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, err)
    23  		}
    24  
    25  		// Nothing to do.
    26  		if loaded {
    27  			return nil
    28  		}
    29  
    30  		// Load the profile.
    31  		if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
    32  			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
    33  		}
    34  	}
    35  
    36  	return nil
    37  }