skip apparmor with dind

vieux · vieux · commit de191e86321f · 2014-05-01T22:22:08.000Z
Docker-DCO-1.1-Signed-off-by: Victor Vieux &lt;vieux@docker.com&gt; (github: vieux)
diff --git a/hack/dind b/hack/dind
@@ -9,6 +9,9 @@
 
 # Usage: dind CMD [ARG...]
 
+# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
+export container=docker
+
 # First, make sure that cgroups are mounted correctly.
 CGROUP=/sys/fs/cgroup
 
diff --git a/pkg/apparmor/apparmor.go b/pkg/apparmor/apparmor.go
@@ -13,7 +13,7 @@ import (
 )
 
 func IsEnabled() bool {
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
+	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
 		buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
 		return err == nil && len(buf) > 1 && buf[0] == 'Y'
 	}

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ import (`
`13`	`13`	`)`
`14`	`14`
`15`	`15`	`func IsEnabled() bool {`
`16`		`- if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {`
	`16`	`+ if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {`
`17`	`17`	`buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")`
`18`	`18`	`return err == nil && len(buf) > 1 && buf[0] == 'Y'`
`19`	`19`	`}`