d90edcd897
Writing the profile to /etc/apparmor.d, while also manually loading it into the kernel results in quite a bit of confusion. In addition, it means that people using apparmor but have /etc mounted read-only cannot use apparmor at all on a Docker host. Fix this by writing the profile to a temporary directory and deleting it after it's been inserted. Signed-off-by: Aleksa Sarai <asarai@suse.de> Upstream-commit: 2f7596aaef3a9f8ec1f2d0937462d9263bee8b6b Component: engine