github.com/vvnotw/moby@v1.13.1/daemon/apparmor_default.go

github.com/vvnotw/moby@v1.13.1/daemon/apparmor_default.go (about)

     1  // +build linux
     2  
     3  package daemon
     4  
     5  import (
     6  	"fmt"
     7  
     8  	aaprofile "github.com/docker/docker/profiles/apparmor"
     9  	"github.com/opencontainers/runc/libcontainer/apparmor"
    10  )
    11  
    12  // Define constants for native driver
    13  const (
    14  	defaultApparmorProfile = "docker-default"
    15  )
    16  
    17  func ensureDefaultAppArmorProfile() error {
    18  	if apparmor.IsEnabled() {
    19  		loaded, err := aaprofile.IsLoaded(defaultApparmorProfile)
    20  		if err != nil {
    21  			return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultApparmorProfile, err)
    22  		}
    23  
    24  		// Nothing to do.
    25  		if loaded {
    26  			return nil
    27  		}
    28  
    29  		// Load the profile.
    30  		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
    31  			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", defaultApparmorProfile)
    32  		}
    33  	}
    34  
    35  	return nil
    36  }