From e60622ff9e8619698d7473258e4d4a0de90ea716 Mon Sep 17 00:00:00 2001
From: Marcos Lilljedahl <marcosnils@gmail.com>
Date: Sun, 26 Mar 2017 20:10:13 -0300
Subject: [PATCH] Mount securityfs to allow apparmor profiles in PWD

---
 Dockerfile.dind | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile.dind b/Dockerfile.dind
index 140cd72..ddbaf2f 100644
--- a/Dockerfile.dind
+++ b/Dockerfile.dind
@@ -40,7 +40,7 @@ CMD cat /etc/hosts >/etc/hosts.bak && \
     sed 's/^::1.*//' /etc/hosts.bak > /etc/hosts && \
     sed -i "s/\DOCKER_STORAGE_DRIVER/$DOCKER_STORAGE_DRIVER/" /etc/docker/daemon.json && \
     sed -i "s/\PWD_IP_ADDRESS/$PWD_IP_ADDRESS/" /etc/docker/daemon.json && \
-    umount /var/lib/docker && \
+    umount /var/lib/docker && mount -t securityfs none /sys/kernel/security && \
     dockerd &>/docker.log & \
     while true ; do script -q -c "/bin/bash -l" /dev/null ; done
 # ... and then put a shell in the foreground, restarting it if it exits