authorSebastiaan van Stijn <github@gone.nl>2021-04-08 15:37:13 +0200
committerSebastiaan van Stijn <github@gone.nl>2021-04-08 20:22:08 +0200
commit2834f842ee25c081abad0dc1473dd7c65ce94cb8 (patch)
tree749ee625c5b9200513e453017bd929affd724b11 /daemon/exec_linux.go
parent42ef2c5036f5131fbabf7389ac7efa049cd63cd2 (diff)
Use containerd's apparmor package to detect if apparmor can be used
The runc/libcontainer apparmor package on master no longer checks if apparmor_parser is enabled, or if we are running docker-in-docker. While those checks are not relevant to runc (as it doesn't load the profile), these checks _are_ relevant to us (and containerd). So switching to use the containerd apparmor package, which does include the needed checks. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Diffstat (limited to 'daemon/exec_linux.go')
-rw-r--r--daemon/exec_linux.go4
1 files changed, 2 insertions, 2 deletions
diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go
index e3aadb3326..b683fef7de 100644
--- a/daemon/exec_linux.go
+++ b/daemon/exec_linux.go
@@ -3,10 +3,10 @@ package daemon // import "github.com/docker/docker/daemon"
import (
"context"
+ "github.com/containerd/containerd/pkg/apparmor"
"github.com/docker/docker/container"
"github.com/docker/docker/daemon/exec"
"github.com/docker/docker/oci/caps"
- "github.com/opencontainers/runc/libcontainer/apparmor"
specs "github.com/opencontainers/runtime-spec/specs-go"
)
@@ -27,7 +27,7 @@ func (daemon *Daemon) execSetPlatformOpt(c *container.Container, ec *exec.Config
p.Capabilities.Inheritable = p.Capabilities.Bounding
p.Capabilities.Effective = p.Capabilities.Bounding
}
- if apparmor.IsEnabled() {
+ if apparmor.HostSupports() {
var appArmorProfile string
if c.AppArmorProfile != "" {
appArmorProfile = c.AppArmorProfile
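Review bot: The `if apparmor.HostSupports()` guard in execSetPlatformOpt carries no comment saying which host conditions it depends on, and going by the commit description it is stricter than the old `IsEnabled()`, so an exec may now be set up without a profile on hosts where it previously got one. I would add above it `// HostSupports also requires apparmor_parser and that we are not running docker-in-docker; when it is false the exec process gets no AppArmor profile.` If the part of the function outside this hunk has no else branch, consider logging when `c.AppArmorProfile != ""` but the host check fails, so an operator can see that a requested profile was not applied. The page shows only this file, so it is worth confirming that the container-start path uses the same check; otherwise the init process and exec'd processes could end up confined differently. The function body starts and ends outside the hunk.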