diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-01-10 03:34:54 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-10 03:34:54 -0800 |
| commit | 64627d910b2113fa2de6b949d846af379e75e305 (patch) | |
| tree | d555591919d240a25827eb3737446260c04496e0 /libpod/container_internal_linux.go | |
| parent | 0f6535cf6b4bfac265983c2fdd3482310ab4f39b (diff) | |
| parent | edb285d17675061832aceaf72021b87aba149438 (diff) | |
| download | podman-64627d910b2113fa2de6b949d846af379e75e305.tar.gz podman-64627d910b2113fa2de6b949d846af379e75e305.tar.bz2 podman-64627d910b2113fa2de6b949d846af379e75e305.zip | |
Merge pull request #2114 from vrothberg/issue-2107
apparmor: apply default profile at container initialization
Diffstat (limited to 'libpod/container_internal_linux.go')
| -rw-r--r-- | libpod/container_internal_linux.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 582a4c3e7..2f03d45ea 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -20,6 +20,7 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" crioAnnotations "github.com/containers/libpod/pkg/annotations" + "github.com/containers/libpod/pkg/apparmor" "github.com/containers/libpod/pkg/criu" "github.com/containers/libpod/pkg/lookup" "github.com/containers/libpod/pkg/resolvconf" @@ -185,6 +186,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } } + // Apply AppArmor checks and load the default profile if needed. + updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile) + if err != nil { + return nil, err + } + g.SetProcessApparmorProfile(updatedProfile) + if err := c.makeBindMounts(); err != nil { return nil, err } |