diff --git a/daemon/execdriver/native/configuration/parse.go b/daemon/execdriver/native/configuration/parse.go index a923f2a3c8..8fb1b452b9 100644 --- a/daemon/execdriver/native/configuration/parse.go +++ b/daemon/execdriver/native/configuration/parse.go @@ -54,7 +54,7 @@ func systemdSlice(container *libcontainer.Config, context interface{}, value str } func apparmorProfile(container *libcontainer.Config, context interface{}, value string) error { - container.Context["apparmor_profile"] = value + container.AppArmorProfile = value return nil } diff --git a/daemon/execdriver/native/configuration/parse_test.go b/daemon/execdriver/native/configuration/parse_test.go index 886a42cf8b..0401d7b37e 100644 --- a/daemon/execdriver/native/configuration/parse_test.go +++ b/daemon/execdriver/native/configuration/parse_test.go @@ -84,8 +84,9 @@ func TestAppArmorProfile(t *testing.T) { if err := ParseConfiguration(container, nil, opts); err != nil { t.Fatal(err) } - if expected := "koye-the-protector"; container.Context["apparmor_profile"] != expected { - t.Fatalf("expected profile %s got %s", expected, container.Context["apparmor_profile"]) + + if expected := "koye-the-protector"; container.AppArmorProfile != expected { + t.Fatalf("expected profile %s got %s", expected, container.AppArmorProfile) } } diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go index e577bd2b87..f28507b046 100644 --- a/daemon/execdriver/native/create.go +++ b/daemon/execdriver/native/create.go @@ -32,7 +32,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e // check to see if we are running in ramdisk to disable pivot root container.MountConfig.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != "" - container.Context["restrictions"] = "true" + container.RestrictSys = true if err := d.createNetwork(container, c); err != nil { return nil, err @@ -127,10 +127,10 @@ func (d *driver) setPrivileged(container *libcontainer.Config) (err error) { } container.MountConfig.DeviceNodes = hostDeviceNodes - delete(container.Context, "restrictions") + container.RestrictSys = false if apparmor.IsEnabled() { - container.Context["apparmor_profile"] = "unconfined" + container.AppArmorProfile = "unconfined" } return nil @@ -163,8 +163,8 @@ func (d *driver) setupMounts(container *libcontainer.Config, c *execdriver.Comma } func (d *driver) setupLabels(container *libcontainer.Config, c *execdriver.Command) error { - container.Context["process_label"] = c.Config["process_label"][0] - container.Context["mount_label"] = c.Config["mount_label"][0] + container.ProcessLabel = c.Config["process_label"][0] + container.MountConfig.MountLabel = c.Config["mount_label"][0] return nil } diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go index 5dbcbb5589..d0894a0c9f 100644 --- a/daemon/execdriver/native/template/default_template.go +++ b/daemon/execdriver/native/template/default_template.go @@ -35,11 +35,10 @@ func New() *libcontainer.Config { AllowAllDevices: false, }, MountConfig: &libcontainer.MountConfig{}, - Context: make(map[string]string), } if apparmor.IsEnabled() { - container.Context["apparmor_profile"] = "docker-default" + container.AppArmorProfile = "docker-default" } return container