tifayuki
44c7afad64
also check if "/sbin/apparmor_parser" exists when deciding if apparmor is enabled
...
Signed-off-by: Feng, Honglin <fenghonglin@gmail.com>
2015-04-14 19:18:33 +02:00
Mathieu Lecarme
ee1000e153
Fix: typos.
...
Docker-DCO-1.1-Signed-off-by: Mathieu Lecarme <mathieu@garambrogne.net> (github: athoune)
2015-04-02 22:41:41 +02:00
Michael Crosby
f4cf808a3d
Merge branch 'master' into api
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
MAINTAINERS
cgroups/cgroups.go
cgroups/fs/apply_raw.go
cgroups/fs/notify_linux.go
cgroups/fs/notify_linux_test.go
cgroups/systemd/apply_systemd.go
config.go
configs/config_test.go
console/console.go
integration/exec_test.go
integration/init_test.go
integration/template_test.go
integration/utils_test.go
linux_notify.go
linux_notify_test.go
mount/init.go
mount/mount_config.go
mount/pivotroot.go
mount/ptmx.go
namespaces/create.go
namespaces/exec.go
namespaces/execin.go
namespaces/init.go
namespaces/nsenter/nsenter.c
namespaces/nsenter/nsenter.go
namespaces/utils.go
network/network.go
network/types.go
network/veth.go
notify_linux.go
notify_linux_test.go
nsinit/exec.go
nsinit/main.go
nsinit/nsenter.go
nsinit/oom.go
sample_configs/host-pid.json
sample_configs/userns.json
security/capabilities/capabilities.go
update-vendor.sh
2015-02-16 15:09:42 -08:00
Tianon Gravi
1cdf742a82
Update a few build tags to be more generic, add a couple more SETNS constants, and update Travis with a bunch of fixes/tweaks (including removing the nonfunctional cross-compile stuff for now)
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-07-17 02:24:49 -06:00
Michael Crosby
3b1acc34fb
Move libcontainer deps into libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
Michael Crosby
613c48e3dd
Move apparmor to top level pkg
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-13 23:33:25 +00:00
Michael Crosby
811700f9f4
Use apparmor_parser directly
...
The current load script does alot of things. If it does not find the
parser loaded on the system it will just exit 0 and not load the
profile. We think it should fail loudly if it cannot load the profile
and apparmor is enabled on the system.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-13 23:31:10 +00:00
Michael Crosby
ca4ab79a9d
Check for apparmor enabled on host to populate profile
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-09 10:22:17 +00:00
Guillaume J. Charmes
ea96c1f436
Backup current docker apparmor profile and replace it with the new one
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-04-08 11:09:31 -07:00
Michael Brown
e17f472e05
apparmor: pull in variables from tunables/global
...
The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.
Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 03:04:27 -04:00
Michael Brown
d704e4a9c7
apparmor: abstractions/base expects pid variable
...
Add 'pid' variable pointing to 'self' to allow parsing of profile to succeed
Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 02:47:43 -04:00
Michael Brown
7e43b7e4f4
apparmor: docker-default: Include base abstraction
...
Encountered problems on 14.04 relating to signals between container
processes being blocked by apparmor. The base abstraction contains
appropriate rules to allow this communication.
Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
2014-04-07 02:19:38 -04:00
Guillaume J. Charmes
bbc05ca1a3
Fix issue when /etc/apparmor.d does not exists
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
2014-03-12 11:13:24 -07:00
Guillaume J. Charmes
520773503a
Merge pull request #4506 from creack/fix_apparmor
...
Use CGO for apparmor profile switch
2014-03-06 13:37:34 -08:00
Tianon Gravi
f883469f02
Update build tags such that we can properly compile on all platforms (especially for packagers), and updated hack/PACKAGERS.md to mention the DOCKER_BUILDTAGS variable that will need to be set for binaries that might be used on AppArmor (such as Debian and especially Ubuntu)
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-03-06 13:39:17 -07:00
Guillaume J. Charmes
a01ed80bab
Add buildflags to allow crosscompilation for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 12:05:03 -08:00
Guillaume J. Charmes
d5957adbc4
Use CGO for apparmor profile switch
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-06 11:10:58 -08:00
unclejack
9caf813aa4
remove dbus from apparmor profile
...
This removes the dbus entry from the apparmor profile Docker creates.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-03-06 19:47:03 +02:00
Guillaume J. Charmes
9da8ea80c3
Generate and load custom docker profile for apparmor
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 15:02:11 -08:00
Michael Crosby
7c6c6a5a10
Some cleanup around logs
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-03-05 13:50:49 -08:00
Guillaume J. Charmes
c486dd90b5
Add AppArmor support to native driver + change pipe/dup logic
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
2014-03-05 13:08:24 -08:00