2016-12-19 07:22:45 -05:00
|
|
|
//+build !windows
|
|
|
|
|
2018-02-05 16:05:59 -05:00
|
|
|
package daemon // import "github.com/docker/docker/daemon"
|
2016-12-19 07:22:45 -05:00
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/docker/docker/container"
|
2018-01-11 14:53:06 -05:00
|
|
|
"github.com/docker/docker/errdefs"
|
2016-12-19 07:22:45 -05:00
|
|
|
)
|
|
|
|
|
2019-08-09 06:33:15 -04:00
|
|
|
func (daemon *Daemon) saveAppArmorConfig(container *container.Container) error {
|
2019-11-27 09:43:53 -05:00
|
|
|
container.AppArmorProfile = "" // we don't care about the previous value.
|
2016-12-19 07:22:45 -05:00
|
|
|
|
|
|
|
if !daemon.apparmorEnabled {
|
|
|
|
return nil // if apparmor is disabled there is nothing to do here.
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := parseSecurityOpt(container, container.HostConfig); err != nil {
|
2017-11-28 23:09:37 -05:00
|
|
|
return errdefs.InvalidParameter(err)
|
2016-12-19 07:22:45 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
if !container.HostConfig.Privileged {
|
|
|
|
if container.AppArmorProfile == "" {
|
2019-08-09 06:33:15 -04:00
|
|
|
container.AppArmorProfile = defaultAppArmorProfile
|
2016-12-19 07:22:45 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
2019-10-12 18:04:44 -04:00
|
|
|
container.AppArmorProfile = unconfinedAppArmorProfile
|
2016-12-19 07:22:45 -05:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|