ctr: add AppArmor flags

e.g. ``` $ sudo ./bin/ctr run --apparmor-default-profile "cri-containerd.apparmor.d" docker.io/library/alpine:latest foo cat /proc/self/attr/current cri-containerd.apparmor.d (enforce) ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-10 14:19:35 +09:00
parent 31a6d11133
commit 9d54648be3
2 changed files with 20 additions and 0 deletions
--- a/cmd/ctr/commands/commands.go
+++ b/cmd/ctr/commands/commands.go
@@ -159,6 +159,14 @@ var (
 			Name:  "seccomp-profile",
 			Usage: "file path to custom seccomp profile. seccomp must be set to true, before using seccomp-profile",
 		},
+		cli.StringFlag{
+			Name:  "apparmor-default-profile",
+			Usage: "enable AppArmor with the default profile with the specified name, e.g. \"cri-containerd.apparmor.d\"",
+		},
+		cli.StringFlag{
+			Name:  "apparmor-profile",
+			Usage: "enable AppArmor with an existing custom profile",
+		},
 	}
 )