Do not load ocid-default if configured apparmor profile is set up.
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
This commit is contained in:
Xianglin Gao
parent
6977b3e88d
commit
ca7d5c77c2
4 changed files with 50 additions and 41 deletions
|
|
@ -287,6 +287,7 @@ func New(config *Config) (*Server, error) {
|
|||
},
|
||||
seccompEnabled: seccompEnabled(),
|
||||
appArmorEnabled: apparmor.IsEnabled(),
|
||||
appArmorProfile: config.ApparmorProfile,
|
||||
}
|
||||
seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
|
||||
if err != nil {
|
||||
|
|
@ -298,10 +299,11 @@ func New(config *Config) (*Server, error) {
|
|||
}
|
||||
s.seccompProfile = seccompConfig
|
||||
|
||||
if s.appArmorEnabled {
|
||||
apparmor.LoadDefaultAppArmorProfile()
|
||||
if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
|
||||
if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {
|
||||
return nil, fmt.Errorf("ensuring the default apparmor profile is installed failed: %v", err)
|
||||
}
|
||||
}
|
||||
s.appArmorProfile = config.ApparmorProfile
|
||||
|
||||
s.podIDIndex = truncindex.NewTruncIndex([]string{})
|
||||
s.podNameIndex = registrar.NewRegistrar()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue