From b48812b085358e090777f3cfd1d97594e1360b16 Mon Sep 17 00:00:00 2001
From: Marcos Lilljedahl
Date: Wed, 28 Dec 2016 14:40:19 -0300
Subject: [PATCH] Apply apparmor profile if env variable is present
---
 services/docker.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/services/docker.go b/services/docker.go
index 3cfd8bb..227a2cd 100644
--- a/services/docker.go
+++ b/services/docker.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "io"
 "log"
+ "os"
 "strings"
 "github.com/docker/docker/api/types"
@@ -181,6 +182,10 @@ func ResizeConnection(name string, cols, rows uint) error {
 func CreateInstance(session *Session, dindImage string) (*Instance, error) {
 h := &container.HostConfig{NetworkMode: container.NetworkMode(session.Id), Privileged: true}
+
+ if os.Getenv("APPARMOR_PROFILE") != "" {
+ h.SecurityOpt = []string{fmt.Sprintf("apparmor=%s", os.Getenv("APPARMOR_PROFILE"))}
+ }
 h.Resources.PidsLimit = int64(500)
 h.Resources.Memory = 4092 * Megabyte
 t := true
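Review bot: When `APPARMOR_PROFILE` is unset or empty, the new `if` in CreateInstance is skipped silently and the instance is still created with `Privileged: true` (the context line just above it), so the confinement this commit adds is opt-in and a deployment that loses the variable fails open with nothing in the logs. Docker does not apply its default AppArmor profile to privileged containers, so a missing variable means no profile at all rather than a weaker one. I would read the variable once, `if profile := os.Getenv("APPARMOR_PROFILE"); profile != "" {`, and add an `else` branch that records the fact, e.g. `log.Println("APPARMOR_PROFILE not set: creating privileged instance without an AppArmor profile")`; whether a production deployment should refuse to create instances in that case is worth deciding here as well. The value goes into `SecurityOpt` unchecked, so a profile name that is not loaded on the host will presumably surface only as an error when the container is created or started. CreateInstance's body continues past the end of the hunk.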