opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-24 15:03:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman/libpod: add default AppArmor profile

Browse Source 
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile.  Large chunks of libpod/apparmor
come from github.com/moby/moby.

Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.

The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.

Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

Closes: #1063
Approved by: rhatdan
This commit is contained in:
Valentin Rothberg
2018-07-09 08:50:52 +02:00
committed by Atomic Bot
parent 84cfdb2061
commit 06ab343bd7
12 changed files with 457 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile.Fedora
View File

@ -83,4 +83,9 @@ COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redh
# Install varlink stuff
RUN pip3 install varlink
WORKDIR /go/src/github.com/projectatomic/libpod
# Wrap all commands in the "docker-in-docker" script to allow nested containers,
# and allow testing of apparmor.
ENTRYPOINT ["./hack/dind"]