1 // +build apparmor,linux
5 // #cgo LDFLAGS: -lapparmor
6 // #include <sys/apparmor.h>
16 // IsEnabled returns true only if AppArmor is enabled for the host, /sbin/apparmor_parser exists, and the "container" environment variable is empty.
17 func IsEnabled() bool {
18 if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
19 if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
20 buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
21 return err == nil && len(buf) > 1 && buf[0] == 'Y'
27 // ApplyProfile will apply the profile with the specified name to the process after
29 func ApplyProfile(name string) error {
33 cName := C.CString(name)
34 defer C.free(unsafe.Pointer(cName))
35 if _, err := C.aa_change_onexec(cName); err != nil {
36 return fmt.Errorf("apparmor failed to apply profile: %s", err)