Commit Graph

21 Commits

Author SHA1 Message Date
tifayuki 44c7afad64 also check if "/sbin/apparmor_parser" exists when deciding if apparmor is enabled
Signed-off-by: Feng, Honglin <fenghonglin@gmail.com>
2015-04-14 19:18:33 +02:00
Mathieu Lecarme ee1000e153 Fix: typos.
Docker-DCO-1.1-Signed-off-by: Mathieu Lecarme <mathieu@garambrogne.net> (github: athoune)
2015-04-02 22:41:41 +02:00
Michael Crosby f4cf808a3d Merge branch 'master' into api
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	MAINTAINERS
	cgroups/cgroups.go
	cgroups/fs/apply_raw.go
	cgroups/fs/notify_linux.go
	cgroups/fs/notify_linux_test.go
	cgroups/systemd/apply_systemd.go
	config.go
	configs/config_test.go
	console/console.go
	integration/exec_test.go
	integration/init_test.go
	integration/template_test.go
	integration/utils_test.go
	linux_notify.go
	linux_notify_test.go
	mount/init.go
	mount/mount_config.go
	mount/pivotroot.go
	mount/ptmx.go
	namespaces/create.go
	namespaces/exec.go
	namespaces/execin.go
	namespaces/init.go
	namespaces/nsenter/nsenter.c
	namespaces/nsenter/nsenter.go
	namespaces/utils.go
	network/network.go
	network/types.go
	network/veth.go
	notify_linux.go
	notify_linux_test.go
	nsinit/exec.go
	nsinit/main.go
	nsinit/nsenter.go
	nsinit/oom.go
	sample_configs/host-pid.json
	sample_configs/userns.json
	security/capabilities/capabilities.go
	update-vendor.sh
2015-02-16 15:09:42 -08:00
Tianon Gravi 1cdf742a82 Update a few build tags to be more generic, add a couple more SETNS constants, and update Travis with a bunch of fixes/tweaks (including removing the nonfunctional cross-compile stuff for now)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-17 02:24:49 -06:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
Michael Crosby 613c48e3dd Move apparmor to top level pkg
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-13 23:33:25 +00:00
Michael Crosby 811700f9f4 Use apparmor_parser directly
The current load script does alot of things.  If it does not find the
parser loaded on the system it will just exit 0 and not load the
profile.  We think it should fail loudly if it cannot load the profile
and apparmor is enabled on the system.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-13 23:31:10 +00:00
Michael Crosby ca4ab79a9d Check for apparmor enabled on host to populate profile
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-09 10:22:17 +00:00
Guillaume J. Charmes ea96c1f436 Backup current docker apparmor profile and replace it with the new one
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-04-08 11:09:31 -07:00
Michael Brown e17f472e05 apparmor: pull in variables from tunables/global
The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 03:04:27 -04:00
Michael Brown d704e4a9c7 apparmor: abstractions/base expects pid variable
Add 'pid' variable pointing to 'self' to allow parsing of profile to succeed

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 02:47:43 -04:00
Michael Brown 7e43b7e4f4 apparmor: docker-default: Include base abstraction
Encountered problems on 14.04 relating to signals between container
processes being blocked by apparmor. The base abstraction contains
appropriate rules to allow this communication.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 02:19:38 -04:00
Guillaume J. Charmes bbc05ca1a3 Fix issue when /etc/apparmor.d does not exists
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-12 11:13:24 -07:00
Guillaume J. Charmes 520773503a Merge pull request #4506 from creack/fix_apparmor
Use CGO for apparmor profile switch
2014-03-06 13:37:34 -08:00
Tianon Gravi f883469f02 Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-03-06 13:39:17 -07:00
Guillaume J. Charmes a01ed80bab Add buildflags to allow crosscompilation for apparmor
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 12:05:03 -08:00
Guillaume J. Charmes d5957adbc4 Use CGO for apparmor profile switch
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 11:10:58 -08:00
unclejack 9caf813aa4 remove dbus from apparmor profile
This removes the dbus entry from the apparmor profile Docker creates.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-03-06 19:47:03 +02:00
Guillaume J. Charmes 9da8ea80c3 Generate and load custom docker profile for apparmor
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 15:02:11 -08:00
Michael Crosby 7c6c6a5a10 Some cleanup around logs
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-05 13:50:49 -08:00
Guillaume J. Charmes c486dd90b5 Add AppArmor support to native driver + change pipe/dup logic
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 13:08:24 -08:00