github.com/portworx/docker@v1.12.1/daemon/apparmor_default.go

github.com/portworx/docker@v1.12.1/daemon/apparmor_default.go (about)

     1  // +build linux
     2  
     3  package daemon
     4  
     5  import (
     6  	"github.com/Sirupsen/logrus"
     7  	aaprofile "github.com/docker/docker/profiles/apparmor"
     8  	"github.com/opencontainers/runc/libcontainer/apparmor"
     9  )
    10  
    11  // Define constants for native driver
    12  const (
    13  	defaultApparmorProfile = "docker-default"
    14  )
    15  
    16  func installDefaultAppArmorProfile() {
    17  	if apparmor.IsEnabled() {
    18  		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
    19  			apparmorProfiles := []string{defaultApparmorProfile}
    20  
    21  			// Allow daemon to run if loading failed, but are active
    22  			// (possibly through another run, manually, or via system startup)
    23  			for _, policy := range apparmorProfiles {
    24  				if err := aaprofile.IsLoaded(policy); err != nil {
    25  					logrus.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", policy)
    26  				}
    27  			}
    28  		}
    29  	}
    30  }