vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

support apparmor

Browse source 
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
This commit is contained in:
Xianglin Gao 2016-11-24 21:27:56 +08:00
parent be32aa566e
commit 71b80591e3
2 changed files with 33 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
server/container_create.go
View file

@ -182,6 +182,13 @@ func (s *Server) createSandboxContainer(containerID string, containerName string
specgen.AddAnnotation(k, v)
}
}
// set this container's apparmor profile if it is set by sandbox
appArmorProfileName := GetAppArmorProfileName(sb.annotations, metadata.GetName())
if appArmorProfileName != "" {
specgen.SetProcessApparmorProfile(appArmorProfileName)
}
if containerConfig.GetLinux().GetSecurityContext().GetPrivileged() {
specgen.SetupPrivileged(true)
}