Merge pull request #215 from xlgao-zju/support-apparmor

support apparmor

docs/ocid.8.md

@@ -20,6 +20,7 @@ ocid - Enable OCI Kubernetes Container Runtime daemon
 [**--sandboxdir**=[*value*]]
 [**--selinux**]
 [**--seccomp-profile**=[*value*]]
+[**--apparmor-profile**=[*value*]]
 [**--version**|**-v**]
 
 # DESCRIPTION
@@ -76,12 +77,15 @@ ocid is meant to provide an integration path between OCI conformant runtimes and
 **--sandboxdir**=""
   OCID pod sandbox dir (default: "/var/lib/ocid/sandboxes")
 
-**--selinux**
+**--selinux**=*true*|*false*
   Enable selinux support (default: false)
 
-**seccomp_profile**
+**--seccomp_profile**=""
   Path to the seccomp json profile to be used as the runtime's default (default: "/etc/ocid/seccomp.json")
 
+**--apparmor_profile**=""
+  Name of the apparmor profile to be used as the runtime's default (default: "ocid-default")
+
 **--version, -v**
   Print the version
 

docs/ocid.conf.5.md

@@ -55,12 +55,15 @@ The `ocid` table supports the following options:
 **runtime**=""
   OCI runtime path (default: "/usr/bin/runc")
 
-**selinux**
+**selinux**=*true*|*false*
   Enable selinux support (default: false)
 
-**seccomp_profile**
+**seccomp_profile**=""
   Path to the seccomp json profile to be used as the runtime's default (default: "/etc/ocid/seccomp.json")
 
+**apparmor_profile**=""
+  Name of the apparmor profile to be used as the runtime's default (default: "ocid-default")
+
 ## OCID.IMAGE TABLE
 
 **pause**=""