summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@suse.com>2018-07-22 17:45:36 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-07-23 18:11:09 +0000
commit8569ed03056ce39e0dc163747089ed4b60b1b9b1 (patch)
treed1ab8cbae6dfc8ef27158f0b8890d2bec275e30d /cmd/podman
parent2c11e38b24942a18f43cb27d6c5145850a40be54 (diff)
downloadpodman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.gz
podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.bz2
podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.zip
AppArmor: runtime check if it's enabled on the host
Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/create.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 6a70e3f43..f147081d4 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -196,7 +196,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
}
}
- if config.ApparmorProfile == "" {
+ if config.ApparmorProfile == "" && apparmor.IsEnabled() {
// Unless specified otherwise, make sure that the default AppArmor
// profile is installed. To avoid redundantly loading the profile
// on each invocation, check if it's loaded before installing it.
@@ -231,7 +231,11 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile)
config.ApparmorProfile = profile
}
- } else {
+ } else if config.ApparmorProfile != "" {
+ if !apparmor.IsEnabled() {
+ return fmt.Errorf("profile specified but AppArmor is disabled on the host")
+ }
+
isLoaded, err := apparmor.IsLoaded(config.ApparmorProfile)
if err != nil {
switch err {