Docker inspect "AppArmorProfile" field now shows "docker-default" when AppArmor is enabled and no other profile was defined #27083
With the latest push, if you change the AppArmor configuration and AppArmor completely disappears from the Docker host (I have some comments about this below), the AppArmorProfile is updated with the expected configuration, but there are still some issues we have to address:
I don't know if addressing these issues is in the scope of the main issue. I have the feeling that implementing a real-time check of the security configuration of containers will require more than a "slight behavioral change".
I have some ideas about adding security information to the "docker ps" command and a more detailed "docker security" command showing all the security settings of a container.
I look forward to your feedback.
I did a little refactor of the patch in the last commit. Now inspect always shows an empty AppArmorProfile when the container is stopped (maybe empty is not the best value, but this can be changed easily to undefined, unconfined or something more clarifying).
The correct value of AppArmorProfile is set at container startup using the actual status of apparmor, the privileged flag and the configured apparmor settings using --security-opt.
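
As an added illustration (not code from this pull request or from the Docker code base), the following Go sketch resolves a profile name from the three inputs named in the comment above. The function names, the precedence order (explicit profile, then the privileged flag, then `docker-default`), the "last entry wins" rule and the empty value for a host without AppArmor are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// explicitProfile (hypothetical helper) returns the profile named by an
// "apparmor=<name>" entry among the --security-opt values; the older
// "apparmor:<name>" spelling is accepted too. Assumption: the last matching
// entry wins. An empty result means no profile was configured.
func explicitProfile(securityOpts []string) string {
	profile := ""
	for _, opt := range securityOpts {
		key, val, ok := strings.Cut(opt, "=")
		if !ok {
			key, val, ok = strings.Cut(opt, ":")
		}
		if ok && key == "apparmor" {
			profile = val
		}
	}
	return profile
}

// resolveProfile (hypothetical) computes the value to record as
// AppArmorProfile when a container starts.
func resolveProfile(apparmorEnabled, privileged bool, securityOpts []string) string {
	if !apparmorEnabled {
		return "" // assumed value: no AppArmor on the host, nothing applied
	}
	if p := explicitProfile(securityOpts); p != "" {
		return p // an explicitly configured profile takes precedence
	}
	if privileged {
		return "unconfined" // privileged containers run without confinement
	}
	return "docker-default"
}

func main() {
	// Constructed cases, not taken from the pull request.
	fmt.Printf("%q\n", resolveProfile(true, false, nil))
	fmt.Printf("%q\n", resolveProfile(true, true, nil))
	fmt.Printf("%q\n", resolveProfile(true, true, []string{"apparmor=my-profile"}))
	fmt.Printf("%q\n", resolveProfile(false, false, []string{"apparmor=my-profile"}))
}
```

An audit script that reads the field from `docker inspect` can treat `unconfined` and the empty string on a running container as the two values worth flagging.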