add apparmor:

Signed-off-by: Victor Vieux <vieux@docker.com> Upstream-commit: c2c5e57a8ea4b1dc35c58654443a8c4508277904 Component: engine
2014-09-29 23:34:45 +00:00
parent fe37a1db8f
commit f73d9c3630
5 changed files with 17 additions and 5 deletions
--- a/components/engine/daemon/execdriver/driver.go
+++ b/components/engine/daemon/execdriver/driver.go
@ -116,4 +116,5 @@ type Command struct {
 	ProcessLabel       string            `json:"process_label"`
 	MountLabel         string            `json:"mount_label"`
 	LxcConfig          []string          `json:"lxc_config"`
+	AppArmorProfile    string            `json:"apparmor_profile"`
 }
--- a/components/engine/daemon/execdriver/lxc/driver.go
+++ b/components/engine/daemon/execdriver/lxc/driver.go
@ -409,10 +409,7 @@ func rootIsShared() bool {
 }

 func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) {
-	var (
-		root       = path.Join(d.root, "containers", c.ID, "config.lxc")
-		label_opts []string
-	)
+	root := path.Join(d.root, "containers", c.ID, "config.lxc")

 	fo, err := os.Create(root)
 	if err != nil {
--- a/components/engine/daemon/execdriver/native/create.go
+++ b/components/engine/daemon/execdriver/native/create.go
@ -49,6 +49,10 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Config, e
 		}
 	}

+	if c.AppArmorProfile != "" {
+		container.AppArmorProfile = c.AppArmorProfile
+	}
+
 	if err := d.setupCgroups(container, c); err != nil {
 		return nil, err
 	}