github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/daemon/apparmor_default.go (about)

     1  // +build linux
     2  
     3  package daemon // import "github.com/docker/docker/daemon"
     4  
     5  import (
     6  	"fmt"
     7  
     8  	"github.com/containerd/containerd/pkg/apparmor"
     9  	aaprofile "github.com/docker/docker/profiles/apparmor"
    10  )
    11  
// AppArmor profile names used by the native driver.
const (
	// defaultAppArmorProfile is the name of the profile that
	// DefaultApparmorProfile reports and that ensureDefaultAppArmorProfile
	// loads when the host supports AppArmor.
	defaultAppArmorProfile = "docker-default"

	// unconfinedAppArmorProfile is not referenced in this file; presumably it
	// is the profile name that requests no AppArmor confinement (confirm
	// against its callers).
	unconfinedAppArmorProfile = "unconfined"
)
    17  
// DefaultApparmorProfile returns the name of the default AppArmor profile
// ("docker-default") when the host supports AppArmor, and the empty string
// otherwise.
//
// The empty string means there is no default profile to apply. Callers must
// not treat it as a profile name; how they handle it is not visible in this
// file.
func DefaultApparmorProfile() string {
	if !apparmor.HostSupports() {
		return ""
	}
	return defaultAppArmorProfile
}
    25  
// ensureDefaultAppArmorProfile makes sure the docker-default AppArmor profile
// is loaded on hosts that support AppArmor.
//
// It returns nil when the host does not support AppArmor, when the profile is
// already loaded, or after a successful install. It returns an error when the
// loaded state cannot be determined or when the install fails, so a host with
// AppArmor enabled but no usable default profile is reported to the caller
// rather than silently accepted.
//
// NOTE(review): only the profile name is passed to IsLoaded here, so an
// already-loaded profile of that name appears to be accepted as-is; whether
// its contents match the shipped default is not checked at this call site.
func ensureDefaultAppArmorProfile() error {
	// Without AppArmor support on the host there is nothing to load.
	if !apparmor.HostSupports() {
		return nil
	}

	alreadyLoaded, checkErr := aaprofile.IsLoaded(defaultAppArmorProfile)
	switch {
	case checkErr != nil:
		return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, checkErr)
	case alreadyLoaded:
		// Profile is present; nothing to do.
		return nil
	}

	// AppArmor is available but the profile is missing: install it now.
	installErr := aaprofile.InstallDefault(defaultAppArmorProfile)
	if installErr != nil {
		return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, installErr)
	}
	return nil
}