ExecPath isn't used by anything, and the AppArmor signal rule isn't used
because it refers to a peer profile that we don't ship.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
| ... | ... |
@@ -24,8 +24,6 @@ var ( |
| 24 | 24 |
type profileData struct {
|
| 25 | 25 |
// Name is profile name. |
| 26 | 26 |
Name string |
| 27 |
- // ExecPath is the path to the docker binary. |
|
| 28 |
- ExecPath string |
|
| 29 | 27 |
// Imports defines the apparmor functions to import, before defining the profile. |
| 30 | 28 |
Imports []string |
| 31 | 29 |
// InnerImports defines the apparmor functions to import in the profile. |
| ... | ... |
@@ -42,9 +42,5 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
|
| 42 | 42 |
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container |
| 43 | 43 |
ptrace (trace,read) peer=docker-default, |
| 44 | 44 |
{{end}}
|
| 45 |
-{{if ge .Version 209000}}
|
|
| 46 |
- # docker daemon confinement requires explict allow rule for signal |
|
| 47 |
- signal (receive) set=(kill,term) peer={{.ExecPath}},
|
|
| 48 |
-{{end}}
|
|
| 49 | 45 |
} |
| 50 | 46 |
` |