Mount securityfs to allow apparmor profiles in PWD

2025-07-14 10:17:26 +08:00 · 2017-03-26 20:10:13 -03:00 · 2017-03-26 20:10:13 -03:00 · e60622ff9e
commit e60622ff9e
parent b447170d91
1 changed files with 1 additions and 1 deletions
--- a/Dockerfile.dind
+++ b/Dockerfile.dind
@ -40,7 +40,7 @@ CMD cat /etc/hosts >/etc/hosts.bak && \
    sed 's/^::1.*//' /etc/hosts.bak > /etc/hosts && \
    sed -i "s/\DOCKER_STORAGE_DRIVER/$DOCKER_STORAGE_DRIVER/" /etc/docker/daemon.json && \
    sed -i "s/\PWD_IP_ADDRESS/$PWD_IP_ADDRESS/" /etc/docker/daemon.json && \
-    umount /var/lib/docker && \
+    umount /var/lib/docker && mount -t securityfs none /sys/kernel/security && \
    dockerd &>/docker.log & \
    while true ; do script -q -c "/bin/bash -l" /dev/null ; done
 # ... and then put a shell in the foreground, restarting it if it exits