// +build linux

package daemon // import "github.com/docker/docker/daemon"

import (
	"fmt"

	"github.com/containerd/containerd/pkg/apparmor"
	aaprofile "github.com/docker/docker/profiles/apparmor"
)

// AppArmor profile names known to the daemon.
const (
	// unconfinedAppArmorProfile is the literal profile name "unconfined".
	// It is declared here but not referenced anywhere in this file.
	unconfinedAppArmorProfile = "unconfined"

	// defaultAppArmorProfile is the profile name that DefaultApparmorProfile
	// reports and that ensureDefaultAppArmorProfile checks for and installs.
	defaultAppArmorProfile = "docker-default"
)

// DefaultApparmorProfile returns the name of the default AppArmor profile
// when apparmor.HostSupports reports true, and the empty string otherwise.
//
// The empty string names no profile at all, so callers should not read a
// successful call as proof that a profile is available on this host.
func DefaultApparmorProfile() string {
	if !apparmor.HostSupports() {
		return ""
	}
	return defaultAppArmorProfile
}

// ensureDefaultAppArmorProfile loads the default AppArmor profile if the host
// supports AppArmor and no profile with that name is loaded yet.
//
// It returns nil in three cases: the host does not support AppArmor (nothing
// is checked or installed), a profile named defaultAppArmorProfile is already
// loaded, or the profile was installed successfully. A nil result therefore
// does not on its own mean the profile is loaded. It returns an error when
// the loaded-state query or the installation fails.
//
// This function only asks aaprofile.IsLoaded about the profile name; it does
// not itself compare the contents of an already-loaded profile with the
// default one.
func ensureDefaultAppArmorProfile() error {
	// Without host support there is nothing to check or install.
	if !apparmor.HostSupports() {
		return nil
	}

	present, err := aaprofile.IsLoaded(defaultAppArmorProfile)
	if err != nil {
		return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, err)
	}
	if present {
		// Already loaded under this name; leave it untouched.
		return nil
	}

	// AppArmor is supported but the profile is missing: fail rather than
	// continue silently if it cannot be installed.
	if installErr := aaprofile.InstallDefault(defaultAppArmorProfile); installErr != nil {
		return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, installErr)
	}
	return nil
}