Skip to content

Instantly share code, notes, and snippets.

@dalguete

dalguete/gist:19a9d984e8a749eefaab7ec9aea6be01

Created May 12, 2018 17:24
Show Gist options
  • Save dalguete/19a9d984e8a749eefaab7ec9aea6be01 to your computer and use it in GitHub Desktop.
Save dalguete/19a9d984e8a749eefaab7ec9aea6be01 to your computer and use it in GitHub Desktop.
Download ZIP
Useful to extract the apparmor profile created by Docker when installed
Raw
gistfile1.txt
#!/bin/bash
[ "`echo "$@" | grep -e "docker"`" ] && echo "$@" | cut -c 5- | xargs -I {} cat {} > /tmp/apparmor-profile-docker-default
/sbin/apparmor_parser_original "$@"
@dalguete
Copy link
Author

Steps I followed to have this working:

  1. Uninstall Docker.
  2. Backup original apparmor_parser
    sudo cp $(which apparmor_parser) $(which apparmor_parser).original
  3. Create the apparmor_parser wrapper using code in gist. Don't forget to make that file executable
    sudo chmod +x <path/to/apparmor_parser>
  4. Reboot (couldn't find a way to reload apparmor profiles without rebooting)
  5. Install Docker.
  6. See the profile loaded in /tmp/apparmor-profile-docker-default.
  7. Restore apparmor_parser 
    sudo rm $(which apparmor_parser)
sudo mv <path/to/apparmor_parser>.original <path/to/apparmor_parser>
  8. Reboot.

@marcoedelgado
Copy link

what version of bash is this compatible with?

using GNU bash, version 4.3.48(1)-release and getting no output nor creation of /tmp/apparmor-profile-docker-default

@dalguete
Copy link
Author

Mine is GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu). Probably output in yours is a bit different, so cut -c 5- could not be cutting in the correct positions. I suggest you to just print the output of $@ in a file, as soon as Docker is installed so you can see info passed and order.

@FelixOliverLange
Copy link

FelixOliverLange commented Jun 25, 2018
edited
Loading

Worked on SLES 12.3, thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment