adds support for AppArmor

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-08-23 14:03:11 -05:00
parent 4f449cec5f
commit 4f442de959
7 changed files with 44 additions and 11 deletions
--- a/pkg/server/sandbox_run.go
+++ b/pkg/server/sandbox_run.go
@@ -294,7 +294,9 @@ func (c *criContainerdService) generateSandboxContainerSpec(id string, config *r
 		g.AddLinuxSysctl(key, value)
 	}

-	// TODO(random-liu): [P2] Set apparmor and seccomp from annotations.
+	// TODO(random-liu): [P2] Set seccomp
+
+	// Note: LinuxSandboxSecurityContext does not currently provide an apparmor profile

 	g.SetLinuxResourcesCPUShares(uint64(defaultSandboxCPUshares))
 	g.SetProcessOOMScoreAdj(int(defaultSandboxOOMAdj))