From 64fb664908f7d3368d1bbfd1efb56cd45e5ed7a3 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Sun, 20 Mar 2016 19:01:49 +1100
Subject: [PATCH 1/2] profiles: apparmor: remove unused fields

ExecPath isn't used by anything, and the signal apparmor rule isn't used because it refers to a peer that we don't ship.

Signed-off-by: Aleksa Sarai
---
 profiles/apparmor/apparmor.go | 2 --
 profiles/apparmor/template.go | 4 ----
 2 files changed, 6 deletions(-)

diff --git a/profiles/apparmor/apparmor.go b/profiles/apparmor/apparmor.go
index bbcf06e50..a18d0c5f2 100644
--- a/profiles/apparmor/apparmor.go
+++ b/profiles/apparmor/apparmor.go
@@ -24,8 +24,6 @@ var (
 type profileData struct {
 // Name is profile name.
 Name string
- // ExecPath is the path to the docker binary.
- ExecPath string
 // Imports defines the apparmor functions to import, before defining the profile.
 Imports []string
 // InnerImports defines the apparmor functions to import in the profile.
diff --git a/profiles/apparmor/template.go b/profiles/apparmor/template.go
index db867b9de..ada33bf0f 100644
--- a/profiles/apparmor/template.go
+++ b/profiles/apparmor/template.go
@@ -42,9 +42,5 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
 ptrace (trace,read) peer=docker-default,
 {{end}}
-{{if ge .Version 209000}}
- # docker daemon confinement requires explict allow rule for signal
- signal (receive) set=(kill,term) peer={{.ExecPath}},
-{{end}}
 }
 `

From d274456f3eb9f2a3dc518985ec22d236d3bc3f6c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Sun, 20 Mar 2016 18:08:20 +1100
Subject: [PATCH 2/2] profiles: apparmor: actually calculate version

In order to check that we can have the `ptrace` rule, we need to actually calculate the version of apparmor_parser.

Signed-off-by: Aleksa Sarai
---
 profiles/apparmor/apparmor.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/profiles/apparmor/apparmor.go b/profiles/apparmor/apparmor.go
index a18d0c5f2..51dfa5cf9 100644
--- a/profiles/apparmor/apparmor.go
+++ b/profiles/apparmor/apparmor.go
@@ -38,14 +38,23 @@ func (p *profileData) generateDefault(out io.Writer) error {
 if err != nil {
 return err
 }
+
 if macroExists("tunables/global") {
 p.Imports = append(p.Imports, "#include ")
 } else {
 p.Imports = append(p.Imports, "@{PROC}=/proc/")
 }
+
 if macroExists("abstractions/base") {
 p.InnerImports = append(p.InnerImports, "#include ")
 }
+
+ ver, err := aaparser.GetVersion()
+ if err != nil {
+ return err
+ }
+ p.Version = ver
+
 if err := compiled.Execute(out, p); err != nil {
 return err
 }
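Review bot: The bare `return err` after `aaparser.GetVersion()` propagates the failure without saying which step failed, and generateDefault already returns unwrapped errors from at least two other places in this hunk, so a caller's log cannot tell a missing or unparsable apparmor_parser from a template failure. Aborting profile generation here is the right fail-closed choice, because `p.Version` now gates version-dependent rules in the template (the commit message cites the ptrace rule, and the first patch shows the template comparing it numerically with `{{if ge .Version 209000}}`), but the message should name the step: `return fmt.Errorf("apparmor: getting apparmor_parser version: %v", err)` (assuming `fmt` is already imported; `%w` only if the module's Go version supports it). A one-line comment above the new block, e.g. `// Version gates version-dependent rules in the template, so it must be resolved before Execute.`, would also make the ordering intentional. generateDefault starts before the hunk and its remaining return continues after it.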