<!-- [metadata]>
+++
draft = true
+++
<![end-metadata]-->

AppArmor security profiles for Docker
--------------------------------------

AppArmor (Application Armor) is a Linux security module that allows a system
administrator to associate a security profile with each program. Docker
expects to find an AppArmor policy loaded and enforced.

Container profiles are loaded automatically by Docker. A profile
for the Docker Engine itself also exists and is installed
with the official *.deb* packages. Advanced users and package
managers may find the profile for */usr/bin/docker* underneath
[contrib/apparmor](https://github.com/docker/docker/tree/master/contrib/apparmor)
in the Docker Engine source repository.


Understand the policies
------------------------

The `docker-default` profile is the default for running
containers. It is moderately protective while
providing wide application compatibility.

The system's standard `unconfined` profile inherits all
system-wide policies, applying path-based policies
intended for the host system inside of containers.
This was the default for privileged containers
prior to Docker 1.8.


Overriding the profile for a container
---------------------------------------

Users may override the AppArmor profile using the
`security-opt` option (per-container).

For example, the following explicitly specifies the default policy:

```
$ docker run --rm -it --security-opt apparmor:docker-default hello-world
```
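
One way to check which profile containers actually ended up under after an override, as an added example that is not part of the Docker documentation. It classifies the confinement labels the kernel reports in `/proc/<pid>/attr/current`; the function names, container names and custom profile names are constructed for illustration.

```shell
#!/bin/sh
# Classify AppArmor confinement labels as the kernel reports them in
# /proc/<pid>/attr/current, e.g. "docker-default (enforce)" or "unconfined".

# classify_label LABEL -> prints a verdict (function name is illustrative):
#   ok:default       docker-default, enforce mode
#   ok:custom        another profile, enforce mode
#   warn:complain    profile only logs violations, does not block them
#   warn:unconfined  no profile confines the process
#   warn:unknown     empty or unrecognised label
classify_label() {
    case $1 in
        unconfined)                 echo "warn:unconfined" ;;
        "docker-default (enforce)") echo "ok:default" ;;
        *" (enforce)")              echo "ok:custom" ;;
        *" (complain)")             echo "warn:complain" ;;
        *)                          echo "warn:unknown" ;;
    esac
}

# audit_labels reads "name<TAB>label" lines on stdin, prints the containers
# that need attention, and returns 1 if there were any.
audit_labels() {
    findings=0
    while IFS="$(printf '\t')" read -r name label; do
        [ -n "$name" ] || continue
        verdict=$(classify_label "$label")
        case $verdict in
            warn:*) echo "$name $verdict"; findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample input; container and custom profile names are made up.
sample_labels() {
    printf 'web\tdocker-default (enforce)\n'
    printf 'legacy\tunconfined\n'
    printf 'db\tmy-db-profile (complain)\n'
    printf 'cache\tmy-cache-profile (enforce)\n'
}

# On a live host a container's label can be read (typically as root) with:
#   pid=$(docker inspect --format '{{.State.Pid}}' NAME)
#   cat "/proc/$pid/attr/current"

sample_labels | audit_labels || true
```

A container started with an `unconfined` override, or one whose profile is loaded in complain mode, shows up in the output; containers under an enforced profile do not.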