docker-cli

Author	SHA1	Message	Date
Christopher Jones	c15d8c9103	Fix apparmor profile installation Fixes #26823 Fixes an issue where apparmor was not loaded into the kernel, because apparmor_parser was being called incorrectly. Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com> Upstream-commit: 1a702111c61076e14f0e7ae688d0102128233daf Component: engine	2016-09-29 18:47:20 -05:00
Akihiro Suda	23bac4b64f	apparmor: prohibit /sys/firmware/** from being accessed Some firmware information including SMBIOS and ACPI tables were unexpectedly exposed Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Upstream-commit: 693b4ac67ad0638be9defbae771f62d860380f31 Component: engine	2016-09-16 02:21:31 +00:00
Aleksa Sarai	d90edcd897	apparmor: do not save profile to /etc/apparmor.d Writing the profile to /etc/apparmor.d, while also manually loading it into the kernel results in quite a bit of confusion. In addition, it means that people using apparmor but have /etc mounted read-only cannot use apparmor at all on a Docker host. Fix this by writing the profile to a temporary directory and deleting it after it's been inserted. Signed-off-by: Aleksa Sarai <asarai@suse.de> Upstream-commit: 2f7596aaef3a9f8ec1f2d0937462d9263bee8b6b Component: engine	2016-09-13 16:25:16 +10:00
allencloud	1c502571ef	add defer file.Close to avoid potential fd leak Signed-off-by: allencloud <allen.sun@daocloud.io> Upstream-commit: 0ead624473b6bddc232b46bc7c76ab4f9c743ff5 Component: engine	2016-08-10 08:36:09 +08:00
Aleksa Sarai	2820ef0516	profiles: apparmor: actually calculate version In order to check that we can have the `ptrace` rule, we need to actually calculate the version of apparmor_parser. Signed-off-by: Aleksa Sarai <asarai@suse.de> Upstream-commit: d274456f3eb9f2a3dc518985ec22d236d3bc3f6c Component: engine	2016-03-20 19:03:19 +11:00
Aleksa Sarai	94f0b7548f	profiles: apparmor: remove unused fields ExecPath isn't used by anything, and the signal apparmor rule isn't used because it refers to a peer that we don't ship. Signed-off-by: Aleksa Sarai <asarai@suse.de> Upstream-commit: 64fb664908f7d3368d1bbfd1efb56cd45e5ed7a3 Component: engine	2016-03-20 19:01:49 +11:00
Alexander Morozov	536ff97acf	Merge pull request #20958 from calavera/basic_function_templates Provide basic string manipulation functions for template executions. Upstream-commit: 943ae26bc01913fefe415defc575ea10e24f6a2b Component: engine	2016-03-10 08:08:32 -08:00
allencloud	16d6520e91	fix some typos. Signed-off-by: allencloud <allen.sun@daocloud.io> Upstream-commit: 34b82a69b94ef9c7913e2809ae918e6f4331201e Component: engine	2016-03-10 10:09:27 +08:00
David Calavera	a66058a138	Provide basic string manupilation functions for template executions. This change centralizes the template manipulation in a single package and adds basic string functions to their execution. Signed-off-by: David Calavera <david.calavera@gmail.com> Upstream-commit: 8514880997bd1bc944769dcc41e52307bb01f7ff Component: engine	2016-03-09 19:37:12 -05:00
Aleksa Sarai	d9e3cdab8a	apparmor: use correct version for ptrace denial suppression Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the incorrect version check for >=2.8, when in fact 2.8 deosn't support the required feature. Signed-off-by: Aleksa Sarai <asarai@suse.com> Upstream-commit: 284d9d451e93baff311b501018cae2097f76b134 Component: engine	2016-02-15 20:36:29 +11:00
Aleksa Sarai	08e0c58b53	apparmor: fix version checks to work properly Using {{if major}}{{if minor}} doesn't work as expected when the major version changes. In addition, this didn't support patch levels (which is necessary in some cases when distributions ship apparmor weirdly). Signed-off-by: Aleksa Sarai <asarai@suse.com> Upstream-commit: 4bf7a84c969b9309b0534a61af55b8bb824acc0a Component: engine	2016-02-15 20:36:07 +11:00
Jessica Frazelle	190d8fab36	move default apparmor policy into package Signed-off-by: Jessica Frazelle <acidburn@docker.com> Upstream-commit: 35e50119fc2a2a6d9bcdc95c000df8b66d6cb9d3 Component: engine	2016-01-21 16:55:27 -08:00

12 Commits