FS#61744 - [docker] Compile with apparmor (&selinux?) support
Attached to Project:
Community Packages
Opened by JB (Sherulez) - Wednesday, 13 February 2019, 11:15 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 06 October 2019, 15:40 GMT
Details
Description:
It would be interesting if docker could work with apparmor. Especially since docker uses a default apparmor profile to "secure" its containers (i.e. docker-default).

Also, this will allow using custom apparmor profiles with the option:

```
--security-opt apparmor=my.profile
```

This package does not seem to compile with apparmor bindings because (I guess) the 'apparmor' entry is not present in DOCKER_BUILDTAGS. (Same thing for selinux)

```
_fake_gopath_pushd docker-ce/components/engine github.com/docker/docker
DOCKER_GITCOMMIT=$(cd "$srcdir"/docker-ce && git rev-parse --short HEAD) \
DOCKER_BUILDTAGS='seccomp journald' \
VERSION=$pkgver-ce \
hack/make.sh dynbinary
```

Regards.
Closed by Sébastien Luttringer (seblu)
Sunday, 06 October 2019, 15:40 GMT
Reason for closing: Implemented
Additional comments about closing: docker-1:19.03.2-2
- build docker from a modified PKGBUILD file (DOCKER_BUILDTAGS='seccomp apparmor journald')
Testing with => "docker run --rm -it --security-opt apparmor=docker-default hello-world"
Throws this => "apply apparmor profile apparmor config provided but apparmor not supported"
So I did the same for 'runc'
- build runc from a modified PKGBUILD file (export BUILDTAGS='seccomp apparmor')
And now it works fine with default profile and custom profile.
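
The comment above found that the `apparmor` tag has to be present in both the docker and the runc build. The following is an added example, not part of the ticket or of the Arch packaging scripts, that checks both PKGBUILD variables before a rebuild. The function names, sample file names and the unmodified runc line are assumptions constructed for illustration.

```sh
#!/bin/sh
# Print the value assigned to variable $2 in file $1 (first match only).
# Accepts  VAR='a b'  VAR="a b"  and  export VAR='a b', with or without
# a trailing line-continuation backslash.
buildtags_of() {
    sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$2=['\"]([^'\"]*)['\"].*/\2/p" "$1" | head -n 1
}

# Succeed if $3 is one of the space-separated tags in variable $2 of file $1.
has_buildtag() {
    case " $(buildtags_of "$1" "$2") " in
        *" $3 "*) return 0 ;;
    esac
    return 1
}

# $1 = docker PKGBUILD, $2 = runc PKGBUILD. Both need the tag: with only
# docker rebuilt, the run fails with "apparmor not supported" as reported above.
check_apparmor_tags() {
    _missing=0
    has_buildtag "$1" DOCKER_BUILDTAGS apparmor ||
        { echo "docker: apparmor build tag missing"; _missing=1; }
    has_buildtag "$2" BUILDTAGS apparmor ||
        { echo "runc: apparmor build tag missing"; _missing=1; }
    return "$_missing"
}

# Constructed sample fragments. docker.orig is the line quoted in the report,
# the .mod files are the modified lines from the comment, and runc.orig is a
# hypothetical unmodified line.
write_samples() {   # $1 = existing directory
    printf '%s\n' "  DOCKER_BUILDTAGS='seccomp journald' \\"          > "$1/docker.orig"
    printf '%s\n' "  DOCKER_BUILDTAGS='seccomp apparmor journald' \\" > "$1/docker.mod"
    printf '%s\n' "  export BUILDTAGS='seccomp'"                      > "$1/runc.orig"
    printf '%s\n' "  export BUILDTAGS='seccomp apparmor'"             > "$1/runc.mod"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
# Docker rebuilt with the tag, runc not yet: reports the runc gap.
check_apparmor_tags "$demo_dir/docker.mod" "$demo_dir/runc.orig" || true
rm -rf "$demo_dir"
```
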