vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

Use CGO for apparmor profile switch

Browse source 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
This commit is contained in:
Guillaume J. Charmes 2014-03-06 11:10:58 -08:00
parent 0caa2d3992
commit 0ecd2aa284
2 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
libcontainer/nsinit/init.go
View file

@ -59,10 +59,6 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
return fmt.Errorf("setup mount namespace %s", err)
}
if err := apparmor.ApplyProfile(os.Getpid(), container.Context["apparmor_profile"]); err != nil {
return err
}
if err := setupNetwork(container, context); err != nil {
return fmt.Errorf("setup networking %s", err)
}
@ -73,6 +69,9 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
return fmt.Errorf("finalize namespace %s", err)
}
if err := apparmor.ApplyProfile(os.Getpid(), container.Context["apparmor_profile"]); err != nil {
return err
}
return system.Execv(args[0], args[0:], container.Env)
}