github.com/toplink-cn/moby@v0.0.0-20240305205811-460b4aebdf81/daemon/container_linux.go (about)

     1  //go:build !windows
     2  
     3  package daemon // import "github.com/docker/docker/daemon"
     4  
     5  import (
     6  	"github.com/docker/docker/container"
     7  	"github.com/docker/docker/errdefs"
     8  )
     9  
    10  func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
    11  	container.AppArmorProfile = "" // we don't care about the previous value.
    12  
    13  	if !daemon.RawSysInfo().AppArmor {
    14  		return nil // if apparmor is disabled there is nothing to do here.
    15  	}
    16  
    17  	if err := parseSecurityOpt(&container.SecurityOptions, container.HostConfig); err != nil {
    18  		return errdefs.InvalidParameter(err)
    19  	}
    20  
    21  	if container.HostConfig.Privileged {
    22  		container.AppArmorProfile = unconfinedAppArmorProfile
    23  	} else if container.AppArmorProfile == "" {
    24  		container.AppArmorProfile = defaultAppArmorProfile
    25  	}
    26  	return nil
    27  }