opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-25 02:04:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman/libpod: add default AppArmor profile

Browse Source 
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile.  Large chunks of libpod/apparmor
come from github.com/moby/moby.

Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.

The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.

Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

Closes: #1063
Approved by: rhatdan
This commit is contained in:
Valentin Rothberg
2018-07-09 08:50:52 +02:00
committed by Atomic Bot
parent 84cfdb2061
commit 06ab343bd7
12 changed files with 457 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile.CentOS
View File

@ -80,3 +80,7 @@ COPY test/policy.json /etc/containers/policy.json
COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml
WORKDIR /go/src/github.com/projectatomic/libpod
# Wrap all commands in the "docker-in-docker" script to allow nested containers,
# and allow testing of apparmor.
ENTRYPOINT ["./hack/dind"]