From 06cc0ba6ba765e3ca6d304a8c3df0bb463fb462d Mon Sep 17 00:00:00 2001 From: Xianglin Gao Date: Wed, 30 Nov 2016 16:36:07 +0800 Subject: [PATCH] Add docs about apparmor profile setting Signed-off-by: Xianglin Gao --- cmd/server/config.go | 2 +- cmd/server/main.go | 2 +- docs/ocid.8.md | 8 ++++++-- docs/ocid.conf.5.md | 7 +++++-- server/apparmor/apparmor.go | 2 +- 5 files changed, 14 insertions(+), 7 deletions(-) diff --git a/cmd/server/config.go b/cmd/server/config.go index c4c3fe5b..0988976e 100644 --- a/cmd/server/config.go +++ b/cmd/server/config.go @@ -15,7 +15,7 @@ const ( conmonPath = "/usr/libexec/ocid/conmon" pausePath = "/usr/libexec/ocid/pause" seccompProfilePath = "/etc/ocid/seccomp.json" - apparmorProfileName = "crio-default" + apparmorProfileName = "ocid-default" ) var commentedConfigTemplate = template.Must(template.New("config").Parse(` diff --git a/cmd/server/main.go b/cmd/server/main.go index 6774feaf..e9dcf7be 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -140,7 +140,7 @@ func main() { }, cli.StringFlag{ Name: "apparmor-profile", - Usage: "default apparmor profile name (default: \"crio-default\")", + Usage: "default apparmor profile name (default: \"ocid-default\")", }, cli.BoolFlag{ Name: "selinux", diff --git a/docs/ocid.8.md b/docs/ocid.8.md index 81f40008..aad95477 100644 --- a/docs/ocid.8.md +++ b/docs/ocid.8.md @@ -20,6 +20,7 @@ ocid - Enable OCI Kubernetes Container Runtime daemon [**--sandboxdir**=[*value*]] [**--selinux**] [**--seccomp-profile**=[*value*]] +[**--apparmor-profile**=[*value*]] [**--version**|**-v**] # DESCRIPTION 
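Review bot: The default profile name is now a separate literal in three places: `apparmorProfileName = "ocid-default"` in this hunk, the `Usage` text in cmd/server/main.go, and `defaultApparmorProfile` in server/apparmor/apparmor.go. This commit had to edit all three to keep them in step. If they drift, the daemon's configured default could name a profile that the apparmor package does not install; how that mismatch is handled at container start is not visible in this patch. Exporting the constant from server/apparmor and referencing it here (for example `apparmorProfileName = apparmor.DefaultApparmorProfile`, after exporting it and importing the package) would leave a single source of truth. The const block starts above this hunk.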
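Review bot: The flag registered here is `apparmor-profile`, but the OPTIONS entries this patch adds to docs/ocid.8.md are spelled `--apparmor_profile` and `--seccomp_profile`, while the SYNOPSIS in the same file uses the hyphenated form. An operator who copies the underscore spelling from the man page would not be passing the flag defined in this hunk, so the profile they meant to select would not be the one requested. The man page entries should read `**--apparmor-profile**=""` and `**--seccomp-profile**=""`; the underscore spelling belongs only to the config keys in docs/ocid.conf.5.md. The flag list is inside main(), which starts and ends outside this hunk.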
@@ -76,12 +77,15 @@ ocid is meant to provide an integration path between OCI conformant runtimes and **--sandboxdir**="" OCID pod sandbox dir (default: "/var/lib/ocid/sandboxes") -**--selinux** +**--selinux**=*true*|*false* Enable selinux support (default: false) -**seccomp_profile** +**--seccomp_profile**="" Path to the seccomp json profile to be used as the runtime's default (default: "/etc/ocid/seccomp.json") +**--apparmor_profile**="" + Name of the apparmor profile to be used as the runtime's default (default: "ocid-default") + **--version, -v** Print the version diff --git a/docs/ocid.conf.5.md b/docs/ocid.conf.5.md index 2d462728..20a95dd8 100644 --- a/docs/ocid.conf.5.md +++ b/docs/ocid.conf.5.md @@ -55,12 +55,15 @@ The `ocid` table supports the following options: **runtime**="" OCI runtime path (default: "/usr/bin/runc") -**selinux** +**selinux**=*true*|*false* Enable selinux support (default: false) -**seccomp_profile** +**seccomp_profile**="" Path to the seccomp json profile to be used as the runtime's default (default: "/etc/ocid/seccomp.json") +**apparmor_profile**="" + Name of the apparmor profile to be used as the runtime's default (default: "ocid-default") + ## OCID.IMAGE TABLE **pause**="" diff --git a/server/apparmor/apparmor.go b/server/apparmor/apparmor.go index f38c1bb3..1f1b66fe 100644 --- a/server/apparmor/apparmor.go +++ b/server/apparmor/apparmor.go @@ -15,7 +15,7 @@ import ( const ( // defaultApparmorProfile is the name of default apparmor profile name. - defaultApparmorProfile = "crio-default" + defaultApparmorProfile = "ocid-default" // profileDirectory is the file store for apparmor profiles and macros. profileDirectory = "/etc/apparmor.d"
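Review bot: Switching `defaultApparmorProfile` to `"ocid-default"` leaves hosts that already reference the old name unaddressed. If any build shipped with `crio-default`, a config file pinning `apparmor_profile = "crio-default"` would keep asking for a name this package presumably no longer installs or refreshes. Whether a missing profile makes container creation fail or fall back to something weaker cannot be determined from this hunk, so that behaviour is worth confirming. A one-line upgrade note in docs/ocid.conf.5.md would cover it, and the comment above the constant could be tightened to `// defaultApparmorProfile is the name of the default apparmor profile.` The const block continues past the end of this hunk.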