mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Make the systemd unit a no-op in containers with no internal policy

Browse Source
This commit is contained in:
intrigeri 2018-10-30 16:46:52 +00:00
parent fb35ee4efc
commit c44e93d856
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
parser/apparmor.systemd
View File

@ -71,6 +71,13 @@ fi
case "$1" in case "$1" in
start) start)
if [ -x /usr/bin/systemd-detect-virt ] && \
systemd-detect-virt --quiet --container && \
! is_container_with_internal_policy; then
aa_log_daemon_msg "Not starting AppArmor in container"
aa_log_end_msg 0
exit 0
fi
apparmor_start apparmor_start
rc=$? rc=$?
;; ;;
@ -79,6 +86,13 @@ case "$1" in
rc=$? rc=$?
;; ;;
restart|reload|force-reload) restart|reload|force-reload)
if [ -x /usr/bin/systemd-detect-virt ] && \
systemd-detect-virt --quiet --container && \
! is_container_with_internal_policy; then
aa_log_daemon_msg "Not starting AppArmor in container"
aa_log_end_msg 0
exit 0
fi
apparmor_restart apparmor_restart
rc=$? rc=$?
;; ;;