@@ -5,9 +5,12 @@ package daemon // import "github.com/docker/docker/daemon"
55
66import (
77 "fmt"
8+ "os"
9+ "sync"
810
911 "github.com/containerd/containerd/pkg/apparmor"
1012 aaprofile "github.com/docker/docker/profiles/apparmor"
13+ "github.com/sirupsen/logrus"
1114)
1215
1316// Define constants for native driver
@@ -16,6 +19,11 @@ const (
1619 defaultAppArmorProfile = "docker-default"
1720)
1821
22+ var (
23+ checkAppArmorOnce sync.Once
24+ isAppArmorAvailable bool
25+ )
26+
1927// DefaultApparmorProfile returns the name of the default apparmor profile
2028func DefaultApparmorProfile () string {
2129 if apparmor .HostSupports () {
@@ -25,7 +33,20 @@ func DefaultApparmorProfile() string {
2533}
2634
2735func ensureDefaultAppArmorProfile () error {
28- if apparmor .HostSupports () {
36+ checkAppArmorOnce .Do (func () {
37+ if apparmor .HostSupports () {
38+ // Restore the apparmor_parser check removed in containerd:
39+ // https://github.com/containerd/containerd/commit/1acca8bba36e99684ee3489ea4a42609194ca6b9
40+ // Fixes: https://github.com/moby/moby/issues/44900
41+ if _ , err := os .Stat ("/sbin/apparmor_parser" ); err == nil {
42+ isAppArmorAvailable = true
43+ } else {
44+ logrus .Warn ("AppArmor enabled on system but \" apparmor_parser\" binary is missing, so profile can't be loaded" )
45+ }
46+ }
47+ })
48+
49+ if isAppArmorAvailable {
2950 loaded , err := aaprofile .IsLoaded (defaultAppArmorProfile )
3051 if err != nil {
3152 return fmt .Errorf ("Could not check if %s AppArmor profile was loaded: %s" , defaultAppArmorProfile , err )
0 commit comments