@@ -4,7 +4,7 @@

 FROM debian:jessie

-RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -4,7 +4,7 @@

 FROM debian:stretch

-RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -5,7 +5,7 @@

 FROM debian:wheezy

 RUN echo deb http://http.debian.net/debian wheezy-backports main > /etc/apt/sources.list.d/wheezy-backports.list

-RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -50,7 +50,6 @@ for version in "${versions[@]}"; do

 		build-essential # "essential for building Debian packages"

 		curl ca-certificates # for downloading Go

 		debhelper # for easy ".deb" building

-		dh-apparmor # for apparmor debhelper

 		dh-systemd # for systemd debhelper integration

 		git # for "git commit" info in "docker -v"

 		libapparmor-dev # for "sys/apparmor.h"

@@ -4,7 +4,7 @@

 FROM ubuntu-debootstrap:precise

-RUN apt-get update && apt-get install -y bash-completion  build-essential curl ca-certificates debhelper dh-apparmor  git libapparmor-dev  libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion  build-essential curl ca-certificates debhelper  git libapparmor-dev  libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -4,7 +4,7 @@

 FROM ubuntu-debootstrap:trusty

-RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -4,7 +4,7 @@

 FROM ubuntu-debootstrap:vivid

-RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -4,7 +4,7 @@

 FROM ubuntu-debootstrap:wily

-RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

+RUN apt-get update && apt-get install -y bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-systemd git libapparmor-dev libdevmapper-dev libsqlite3-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*

 ENV GO_VERSION 1.4.2

 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local

@@ -40,20 +40,16 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {

   file,

   umount,

-  signal (receive) peer=/usr/bin/docker,

-  signal (receive) peer=docker-unconfined,

-

   deny @{PROC}/sys/fs/** wklx,

   deny @{PROC}/fs/** wklx,

   deny @{PROC}/sysrq-trigger rwklx,

   deny @{PROC}/mem rwklx,

   deny @{PROC}/kmem rwklx,

-  deny @{PROC}/kore rwklx,

+  deny @{PROC}/kcore rwklx,

   deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx,

   deny @{PROC}/sys/kernel/*/** wklx,

   deny mount,

-  deny ptrace (trace) peer=docker-default,

   deny /sys/[^f]*/** wklx,

   deny /sys/f[^s]*/** wklx,

@@ -198,9 +198,8 @@ func (d *Driver) setPrivileged(container *configs.Config) (err error) {

 	container.Devices = hostDevices

 	if apparmor.IsEnabled() {

-		container.AppArmorProfile = "docker-unconfined"

+		container.AppArmorProfile = "unconfined"

 	}

-

 	return nil

 }

@@ -9,4 +9,3 @@ contrib/init/systemd/docker.socket lib/systemd/system/

 contrib/mk* usr/share/docker-engine/contrib/

 contrib/nuke-graph-directory.sh usr/share/docker-engine/contrib/

 contrib/syntax/nano/Dockerfile.nanorc usr/share/nano/

-contrib/apparmor/* etc/apparmor.d/

@@ -32,9 +32,5 @@ override_dh_installudev:

 	# match our existing priority

 	dh_installudev --priority=z80

-override_dh_install:

-	dh_install

-	dh_apparmor --profile-name=docker-engine -pdocker-engine

-

 %:

 	dh $@ --with=bash-completion $(shell command -v dh_systemd_enable > /dev/null 2>&1 && echo --with=systemd)

@@ -35,8 +35,6 @@ if [ -z "$DOCKER_TEST_HOST" ]; then

 		(

 			set -x

 			/etc/init.d/apparmor start

-

-			/sbin/apparmor_parser -r -W -T contrib/apparmor/

 		)

 	fi

@@ -72,12 +72,6 @@ bundle_ubuntu() {

 		done

 	done

-	# Include contributed apparmor policy

-	if [ -d contrib/apparmor ]; then

-		mkdir -p "$DIR/etc/apparmor.d/"

-		cp contrib/apparmor/* "$DIR/etc/apparmor.d/"

-	fi

-

 	# Copy the binary

 	# This will fail if the binary bundle hasn't been built

 	mkdir -p "$DIR/usr/bin"

@@ -95,10 +89,6 @@ if [ "$1" = 'configure' ] && [ -z "$2" ]; then

 	fi

 fi

-if ( aa-status --enabled ); then

-	/sbin/apparmor_parser -r -W -T /etc/apparmor.d/docker-engine

-fi

-

 if ! { [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; }; then

 	# we only need to do this if upstart isn't in charge

 	update-rc.d docker defaults > /dev/null || true