vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

Apply apparmor before restrictions

Browse source 
There is not need for the remount hack, we use aa_change_onexec so the
apparmor profile is not applied until we exec the users app.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-05-01 19:09:12 -07:00
parent cc38164090
commit 593c632113
5 changed files with 12 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor/apparmor.go
View file

@ -20,7 +20,7 @@ func IsEnabled() bool {
return false
}
func ApplyProfile(pid int, name string) error {
func ApplyProfile(name string) error {
if name == "" {
return nil
}

4
apparmor/apparmor_disabled.go
View file

@ -2,12 +2,10 @@
package apparmor
import ()
func IsEnabled() bool {
return false
}
func ApplyProfile(pid int, name string) error {
func ApplyProfile(name string) error {
return nil
}