diff options
author | Valentin Rothberg <vrothberg@suse.com> | 2018-07-22 17:45:36 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-07-23 18:11:09 +0000 |
commit | 8569ed03056ce39e0dc163747089ed4b60b1b9b1 (patch) | |
tree | d1ab8cbae6dfc8ef27158f0b8890d2bec275e30d /cmd/podman | |
parent | 2c11e38b24942a18f43cb27d6c5145850a40be54 (diff) | |
download | podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.gz podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.bz2 podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.zip |
AppArmor: runtime check if it's enabled on the host
Check at runtime if AppArmor is enabled on the host.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1128
Approved by: mheon
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/create.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 6a70e3f43..f147081d4 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -196,7 +196,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error { } } - if config.ApparmorProfile == "" { + if config.ApparmorProfile == "" && apparmor.IsEnabled() { // Unless specified otherwise, make sure that the default AppArmor // profile is installed. To avoid redundantly loading the profile // on each invocation, check if it's loaded before installing it. @@ -231,7 +231,11 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error { logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile) config.ApparmorProfile = profile } - } else { + } else if config.ApparmorProfile != "" { + if !apparmor.IsEnabled() { + return fmt.Errorf("profile specified but AppArmor is disabled on the host") + } + isLoaded, err := apparmor.IsLoaded(config.ApparmorProfile) if err != nil { switch err { |