@@ -23,10 +23,10 @@ func GetVersion() (int, error) {

 	return parseVersion(output)

 }

-// LoadProfile runs `apparmor_parser -r -W` on a specified apparmor profile to

-// replace and write it to disk.

+// LoadProfile runs `apparmor_parser -r` on a specified apparmor profile to

+// replace the profile.

 func LoadProfile(profilePath string) error {

-	_, err := cmd(filepath.Dir(profilePath), "-r", "-W", filepath.Base(profilePath))

+	_, err := cmd("-r", filepath.Dir(profilePath))

 	if err != nil {

 		return err

 	}

@@ -5,6 +5,7 @@ package apparmor

 import (

 	"bufio"

 	"io"

+	"io/ioutil"

 	"os"

 	"path"

 	"strings"

@@ -16,8 +17,6 @@ import (

 var (

 	// profileDirectory is the file store for apparmor profiles and macros.

 	profileDirectory = "/etc/apparmor.d"

-	// defaultProfilePath is the default path for the apparmor profile to be saved.

-	defaultProfilePath = path.Join(profileDirectory, "docker")

 )

 // profileData holds information about the given profile for generation.

@@ -70,26 +69,26 @@ func macroExists(m string) bool {

 // InstallDefault generates a default profile and installs it in the

 // ProfileDirectory with `apparmor_parser`.

 func InstallDefault(name string) error {

-	// Make sure the path where they want to save the profile exists

-	if err := os.MkdirAll(profileDirectory, 0755); err != nil {

-		return err

-	}

-

 	p := profileData{

 		Name: name,

 	}

-	f, err := os.OpenFile(defaultProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)

+	// Install to a temporary directory.

+	f, err := ioutil.TempFile("", name)

 	if err != nil {

 		return err

 	}

+	profilePath := f.Name()

+

+	defer f.Close()

+	defer os.Remove(profilePath)

+

 	if err := p.generateDefault(f); err != nil {

 		f.Close()

 		return err

 	}

-	f.Close()

-	if err := aaparser.LoadProfile(defaultProfilePath); err != nil {

+	if err := aaparser.LoadProfile(profilePath); err != nil {

 		return err

 	}