From 87f0d63fb2ede63d263d8e8285b83a7f7d12bbf3 Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Wed, 9 Apr 2014 10:22:17 +0000
Subject: [PATCH] Check for apparmor enabled on host to populate profile

Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 pkg/libcontainer/apparmor/apparmor.go | 2 +-
 runtime/execdriver/native/create.go | 5 ++++-
 runtime/execdriver/native/template/default_template.go | 8 +++++---
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/pkg/libcontainer/apparmor/apparmor.go b/pkg/libcontainer/apparmor/apparmor.go
index a6d57d4f09..5de241dd97 100644
--- a/pkg/libcontainer/apparmor/apparmor.go
+++ b/pkg/libcontainer/apparmor/apparmor.go
@@ -17,7 +17,7 @@ func IsEnabled() bool {
 }
 
 func ApplyProfile(pid int, name string) error {
-	if !IsEnabled() || name == "" {
+	if name == "" {
 		return nil
 	}
 
diff --git a/runtime/execdriver/native/create.go b/runtime/execdriver/native/create.go
index 71fab3e064..12546145f9 100644
--- a/runtime/execdriver/native/create.go
+++ b/runtime/execdriver/native/create.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/runtime/execdriver/native/configuration"
 	"github.com/dotcloud/docker/runtime/execdriver/native/template"
@@ -80,7 +81,9 @@ func (d *driver) setPrivileged(container *libcontainer.Container) error {
 		c.Enabled = true
 	}
 	container.Cgroups.DeviceAccess = true
-	container.Context["apparmor_profile"] = "unconfined"
+	if apparmor.IsEnabled() {
+		container.Context["apparmor_profile"] = "unconfined"
+	}
 	return nil
 }
 
diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go
index a1ecb04d76..d3c433a317 100644
--- a/runtime/execdriver/native/template/default_template.go
+++ b/runtime/execdriver/native/template/default_template.go
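Review bot: Dropping the `!IsEnabled()` short-circuit changes ApplyProfile's contract from "best effort" to "apply or fail" for every non-empty name, and nothing in the hunk records that; any caller still passing a profile on a host without AppArmor now gets an error where it previously got a silent skip. That is the right fail-closed direction (a container that asked for confinement should not start unconfined without anyone noticing), so I would state it above the function: `// ApplyProfile switches pid to the AppArmor profile name. An empty name is a no-op; a non-empty name is applied unconditionally, so callers must only request a profile after checking IsEnabled(), otherwise the call fails rather than being skipped.` The rest of ApplyProfile's body lies outside the hunk, so I am assuming it attempts the profile change directly rather than re-checking IsEnabled itself.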
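Review bot: In setPrivileged the new `if apparmor.IsEnabled()` branch only writes `unconfined` and otherwise leaves whatever `apparmor_profile` value the container already carries, so the privileged path is no longer authoritative for the key; it relies on the template having reached the same IsEnabled() verdict moments earlier. If the two ever disagree, or the Context was populated some other way, a privileged container would request `docker-default` and, now that ApplyProfile no longer skips on hosts without AppArmor, fail to start. I would make the intent explicit and defensive: `if apparmor.IsEnabled() { container.Context["apparmor_profile"] = "unconfined" } else { delete(container.Context, "apparmor_profile") }`, with a comment that a named profile on a host without AppArmor is now an error, not a no-op. setPrivileged begins before the hunk, so I am assuming container.Context is non-nil here, as the existing assignment already requires.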
@@ -3,6 +3,7 @@ package template
 import (
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 )
 
 // New returns the docker default configuration for libcontainer
@@ -36,10 +37,11 @@ func New() *libcontainer.Container {
 			Parent: "docker",
 			DeviceAccess: false,
 		},
-		Context: libcontainer.Context{
-			"apparmor_profile": "docker-default",
-		},
+		Context: libcontainer.Context{},
 	}
 	container.CapabilitiesMask.Get("MKNOD").Enabled = true
+	if apparmor.IsEnabled() {
+		container.Context["apparmor_profile"] = "docker-default"
+	}
 	return container
 }
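Review bot: The added `if apparmor.IsEnabled()` in New() silently omits the docker-default profile when the host check fails, and there is no comment saying why the profile is now conditional; a later reader may "simplify" it back to the unconditional map literal the hunk removes, which with the new ApplyProfile would break container start on non-AppArmor hosts, or not notice that containers on such hosts run without this confinement at all. I would add above the branch: `// Only request docker-default when the host has AppArmor: ApplyProfile now fails on a named profile it cannot apply instead of skipping it.` Since this is a security downgrade that happens without any signal, logging the disabled case once at daemon startup (outside this file) would be worth a follow-up; IsEnabled() is also consulted on every New() call, which is harmless but suggests the result belongs in a single startup decision.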