docker-cli

Author	SHA1	Message	Date
Akihiro Suda	23bac4b64f	apparmor: prohibit /sys/firmware/** from being accessed Some firmware information including SMBIOS and ACPI tables were unexpectedly exposed Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Upstream-commit: 693b4ac67ad0638be9defbae771f62d860380f31 Component: engine	2016-09-16 02:21:31 +00:00
Aleksa Sarai	94f0b7548f	profiles: apparmor: remove unused fields ExecPath isn't used by anything, and the signal apparmor rule isn't used because it refers to a peer that we don't ship. Signed-off-by: Aleksa Sarai <asarai@suse.de> Upstream-commit: 64fb664908f7d3368d1bbfd1efb56cd45e5ed7a3 Component: engine	2016-03-20 19:01:49 +11:00
Aleksa Sarai	d9e3cdab8a	apparmor: use correct version for ptrace denial suppression Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the incorrect version check for >=2.8, when in fact 2.8 deosn't support the required feature. Signed-off-by: Aleksa Sarai <asarai@suse.com> Upstream-commit: 284d9d451e93baff311b501018cae2097f76b134 Component: engine	2016-02-15 20:36:29 +11:00
Aleksa Sarai	08e0c58b53	apparmor: fix version checks to work properly Using {{if major}}{{if minor}} doesn't work as expected when the major version changes. In addition, this didn't support patch levels (which is necessary in some cases when distributions ship apparmor weirdly). Signed-off-by: Aleksa Sarai <asarai@suse.com> Upstream-commit: 4bf7a84c969b9309b0534a61af55b8bb824acc0a Component: engine	2016-02-15 20:36:07 +11:00
Jessica Frazelle	190d8fab36	move default apparmor policy into package Signed-off-by: Jessica Frazelle <acidburn@docker.com> Upstream-commit: 35e50119fc2a2a6d9bcdc95c000df8b66d6cb9d3 Component: engine	2016-01-21 16:55:27 -08:00

5 Commits