docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5534 from vieux/fix_apparmor_inside_container 

Fix apparmor inside container
This commit is contained in:
Michael Crosby 2014-05-01 15:25:40 -07:00
parent 8296125b32 de191e8632
commit 559dc9a66a
3 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -47,7 +47,6 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
ruby1.9.1 \ ruby1.9.1 \
ruby1.9.1-dev \ ruby1.9.1-dev \
s3cmd=1.1.0* \ s3cmd=1.1.0* \
apparmor \
--no-install-recommends --no-install-recommends
# Get and compile LXC 0.8 (since it is the most stable) # Get and compile LXC 0.8 (since it is the most stable)

3
hack/dind
View File

@ -9,6 +9,9 @@
# Usage: dind CMD [ARG...] # Usage: dind CMD [ARG...]
# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
export container=docker
# First, make sure that cgroups are mounted correctly. # First, make sure that cgroups are mounted correctly.
CGROUP=/sys/fs/cgroup CGROUP=/sys/fs/cgroup

2
pkg/apparmor/apparmor.go
View File

@ -13,7 +13,7 @@ import (
) )
func IsEnabled() bool { func IsEnabled() bool {
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil { if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
return err == nil && len(buf) > 1 && buf[0] == 'Y' return err == nil && len(buf) > 1 && buf[0] == 'Y'
} }