Merge pull request #239 from xlgao-zju/reload-apparmor-profile

reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00 · 2016-12-13 11:10:26 +01:00 · 4bb0830c37
commit 4bb0830c37
parent bd585c2fca ca7d5c77c2
9 changed files with 142 additions and 96 deletions
--- a/server/server.go
+++ b/server/server.go
@ -333,6 +333,7 @@ func New(config *Config) (*Server, error) {
 		},
 		seccompEnabled:  seccompEnabled(),
 		appArmorEnabled: apparmor.IsEnabled(),
+		appArmorProfile: config.ApparmorProfile,
 	}
 	seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
 	if err != nil {
@ -344,10 +345,11 @@ func New(config *Config) (*Server, error) {
 	}
 	s.seccompProfile = seccompConfig

-	if s.appArmorEnabled {
-		apparmor.InstallDefaultAppArmorProfile()
+	if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
+		if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {
+			return nil, fmt.Errorf("ensuring the default apparmor profile is installed failed: %v", err)
+		}
 	}
-	s.appArmorProfile = config.ApparmorProfile

 	s.podIDIndex = truncindex.NewTruncIndex([]string{})
 	s.podNameIndex = registrar.NewRegistrar()