Merge pull request #14864 from ewindisch/apparmor-engine-policy

Add AppArmor policy for the docker binary
Upstream-commit: a7d84503128720612022d46f5c9c04602cb19f05
Component: engine

components/engine/hack/make/.build-deb/rules

@@ -34,6 +34,7 @@ override_dh_installudev:
 
 override_dh_install:
 	dh_apparmor --profile-name=docker -pdocker-engine
+	dh_apparmor --profile-name=docker-engine -pdocker-engine
 
 %:
 	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)

components/engine/hack/make/ubuntu

@@ -75,6 +75,7 @@ bundle_ubuntu() {
 	# Include contributed apparmor policy
 	mkdir -p "$DIR/etc/apparmor.d/"
 	cp contrib/apparmor/docker "$DIR/etc/apparmor.d/"
+	cp contrib/apparmor/docker-engine "$DIR/etc/apparmor.d/"
 
 	# Copy the binary
 	# This will fail if the binary bundle hasn't been built
@@ -95,6 +96,7 @@ fi
 
 if ( aa-status --enabled ); then
 	/sbin/apparmor_parser -r -W -T /etc/apparmor.d/docker
+	/sbin/apparmor_parser -r -W -T /etc/apparmor.d/docker-engine
 fi
 
 if ! { [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; }; then