Merge pull request #224 from crosbymichael/set-apparmor-execin

Set apparmor profile in execin
2014-10-13 23:23:12 -07:00 · 2014-10-13 23:23:12 -07:00 · 8d1d0ba38a
parent 4f409628d8 cb6ba4dbfb
commit 8d1d0ba38a
1 changed files with 5 additions and 0 deletions
--- a/namespaces/execin.go
+++ b/namespaces/execin.go
@ -12,6 +12,7 @@ import (
 	"syscall"

 	"github.com/docker/libcontainer"
+	"github.com/docker/libcontainer/apparmor"
 	"github.com/docker/libcontainer/cgroups"
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/syncpipe"
@ -96,6 +97,10 @@ func FinalizeSetns(container *libcontainer.Config, args []string) error {
 		return err
 	}

+	if err := apparmor.ApplyProfile(container.AppArmorProfile); err != nil {
+		return fmt.Errorf("set apparmor profile %s: %s", container.AppArmorProfile, err)
+	}
+
 	if container.ProcessLabel != "" {
 		if err := label.SetProcessLabel(container.ProcessLabel); err != nil {
 			return err