d9834f872c
Set's an apparmor profile on the OCI spec if one is configred on the
worker.
Adds selinux labels to containers (only added if selinux is enabled on
the system).
This assumes that the specified apparmor profile is already loaded on
the system and does not try to load it or even check if it is loaded.
SELinux support requires the `selinux` build tag to be added.
Likewise, `runc` would require both the `apparmor` and `selinux` build
tags.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Vendored go-selinux to v1.8.0
Fixed tests
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| hosts.go | ||
| mounts.go | ||
| mounts_test.go | ||
| resolvconf.go | ||
| resolvconf_test.go | ||
| spec.go | ||
| spec_unix.go | ||
| spec_windows.go | ||
| user.go | ||