diff options
| author | Valentin Rothberg <rothberg@redhat.com> | 2019-01-09 14:54:58 +0100 | 
|---|---|---|
| committer | Valentin Rothberg <rothberg@redhat.com> | 2019-01-09 22:18:11 +0100 | 
| commit | edb285d17675061832aceaf72021b87aba149438 (patch) | |
| tree | 332f020dfc754a2a2ecaa80bd2891392c81305f1 /vendor/github.com/json-iterator/go/any.go | |
| parent | c37f73159609b203545ca6fe54c86b9deacfca21 (diff) | |
| download | podman-edb285d17675061832aceaf72021b87aba149438.tar.gz podman-edb285d17675061832aceaf72021b87aba149438.tar.bz2 podman-edb285d17675061832aceaf72021b87aba149438.zip | |
apparmor: apply default profile at container initialization
Apply the default AppArmor profile at container initialization to cover
all possible code paths (i.e., podman-{start,run}) before executing the
runtime.  This allows moving most of the logic into pkg/apparmor.
Also make the loading and application of the default AppArmor profile
versio-indepenent by checking for the `libpod-default-` prefix and
over-writing the profile in the run-time spec if needed.
The intitial run-time spec of the container differs a bit from the
applied one when having started the container, which results in
displaying a potentially outdated AppArmor profile when inspecting
a container.  To fix that, load the container config from the file
system if present and use it to display the data.
Fixes: #2107
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/github.com/json-iterator/go/any.go')
0 files changed, 0 insertions, 0 deletions
