How to apply AppArmour to IoT Edge from a deployment manifest

101 views Asked by At

How can I apply an apparmor profile to IoT Edge modules?

Background, If I run docker run -it --security-opt apparmor=docker-azureiotsecurity hello-world I will see the container run with the correct apparmor profile. If I inspect the container, it is correct:

docker inspect quizzical_jang
[
    {
        "Id": "c1bcfe266946b5393c279cba7ac21ea2ed00d47b75c2ae613db7fbd7a0f0faca",
...
        "ProcessLabel": "",
        "AppArmorProfile": "docker-azureiotsecurity",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
...
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "apparmor=docker-azureiotsecurity"
            ],
            "UTSMode": "",
...
        }
    }
]

If I add the setting to the HostConfig of the module, it shows in HostConfig, but it is in the stated unconfirmed. Is it possible to apply this setting to all my host?

docker inspect quizzical_jang
[
    {
        "Id": "c1bcfe266946b5393c279cba7ac21ea2ed00d47b75c2ae613db7fbd7a0f0faca",
...
        "ProcessLabel": "",
        "AppArmorProfile": "unconfined",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
...
            "ReadonlyRootfs": false,
            "SecurityOpt": [
                "apparmor=docker-azureiotsecurity"
            ],
            "UTSMode": "",
...
        }
    }
]
0

There are 0 answers