gopkg.in/docker/docker.v20@v20.10.27/daemon/apparmor_default.go (about)

     1  //go:build linux
     2  // +build linux
     3  
     4  package daemon // import "github.com/docker/docker/daemon"
     5  
     6  import (
     7  	"fmt"
     8  
     9  	aaprofile "github.com/docker/docker/profiles/apparmor"
    10  	"github.com/opencontainers/runc/libcontainer/apparmor"
    11  )
    12  
// AppArmor profile names used by the native driver.

// defaultAppArmorProfile is the profile name that DefaultApparmorProfile
// returns and that ensureDefaultAppArmorProfile checks for and installs.
const defaultAppArmorProfile = "docker-default"

// unconfinedAppArmorProfile is the AppArmor name for running without
// confinement. It is declared here but not referenced in this file.
const unconfinedAppArmorProfile = "unconfined"
    18  
// DefaultApparmorProfile reports the name of the default AppArmor profile.
//
// It returns the empty string when apparmor.IsEnabled reports that AppArmor is
// not enabled, so an empty result means no default profile name is offered,
// not that a profile called "" exists.
func DefaultApparmorProfile() string {
	if !apparmor.IsEnabled() {
		return ""
	}
	return defaultAppArmorProfile
}
    26  
// ensureDefaultAppArmorProfile makes sure the profile named by
// defaultAppArmorProfile is loaded when apparmor.IsEnabled reports AppArmor as
// enabled.
//
// When AppArmor is not enabled the function does nothing and returns nil, so a
// nil result alone does not prove that the profile is loaded. If the profile is
// not yet loaded it is installed through aaprofile.InstallDefault. A failure of
// either the lookup or the install is returned to the caller.
func ensureDefaultAppArmorProfile() error {
	// Without AppArmor there is no profile to check or install.
	if !apparmor.IsEnabled() {
		return nil
	}

	alreadyLoaded, checkErr := aaprofile.IsLoaded(defaultAppArmorProfile)
	if checkErr != nil {
		return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, checkErr)
	}
	if alreadyLoaded {
		return nil
	}

	// The profile is absent: install it, and report a failure instead of
	// continuing without it.
	if installErr := aaprofile.InstallDefault(defaultAppArmorProfile); installErr != nil {
		return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, installErr)
	}
	return nil
}