I am trying to confine my Docker containers with AppArmor. AppArmor is working on my machine and several profiles are already enforced.
The Docker docs state:
Docker automatically generates and loads a default profile for containers named docker-default
After starting my container with
sudo docker run --rm -ti $ID
I expected aa-status to display the docker-default profile, but that was not the case.
I tried setting --security-opt apparmor:docker-default and --security-opt apparmor:my-own-profile, which still resulted in unconfined running containers.
cat /proc/$CONTAINER_PID/attr/current resulted in unconfined.
I reinstalled Docker, rebooted. Same problem.
I reinstalled AppArmor, rebooted. Same problem.
I am running Docker version 18.06.1-ce on Manjaro.
Am I missing something?
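
The checks described in the question, gathered into one script as an added example (not part of the original post): it reports whether the kernel has AppArmor enabled, whether the Docker daemon lists apparmor among its security options, and, per running container, whether the profile Docker recorded matches the label in /proc/PID/attr/current. The function names and the PROC_ROOT/SYS_ROOT overrides are assumptions made for this example; reading another user's /proc entries may require root.

```shell
#!/bin/sh
# Added example. PROC_ROOT and SYS_ROOT are hypothetical overrides so the
# helpers can be pointed at a constructed directory tree for offline checks.
PROC_ROOT="${PROC_ROOT:-/proc}"
SYS_ROOT="${SYS_ROOT:-/sys}"

# Kernel side: the apparmor module reports "Y" here when the LSM is active.
aa_kernel_enabled() {
    [ "$(cat "$SYS_ROOT/module/apparmor/parameters/enabled" 2>/dev/null)" = "Y" ]
}

# Label of a process as the kernel sees it: "unconfined" or "profile (mode)".
aa_label() {
    cat "$PROC_ROOT/$1/attr/current" 2>/dev/null || echo "unreadable"
}

# $1 = profile Docker recorded for the container, $2 = kernel label.
# Prints NOT_ASSIGNED when Docker recorded no profile, OK when both agree,
# MISMATCH otherwise (for example docker-default vs. unconfined).
aa_verdict() {
    want="$1"
    have="${2%% (*}"          # strip the " (enforce)" / " (complain)" suffix
    if [ -z "$want" ]; then echo "NOT_ASSIGNED"
    elif [ "$want" = "$have" ]; then echo "OK"
    else echo "MISMATCH"
    fi
}

audit_containers() {
    if aa_kernel_enabled; then echo "kernel: apparmor enabled"
    else echo "kernel: apparmor NOT enabled"; fi

    if docker info --format '{{.SecurityOptions}}' 2>/dev/null | grep -q apparmor
    then echo "dockerd: apparmor listed in SecurityOptions"
    else echo "dockerd: apparmor NOT listed in SecurityOptions"; fi

    for id in $(docker ps -q 2>/dev/null); do
        # Word-split "<pid> <profile>"; the profile field may be empty.
        set -- $(docker inspect --format '{{.State.Pid}} {{.AppArmorProfile}}' "$id")
        pid="$1"; profile="${2:-}"
        label="$(aa_label "$pid")"
        echo "$id pid=$pid docker=${profile:-<none>} kernel=$label -> $(aa_verdict "$profile" "$label")"
    done
}

# Only audit when a docker client is present on this host.
if command -v docker >/dev/null 2>&1; then audit_containers; fi
```

A "NOT listed" line for dockerd together with NOT_ASSIGNED containers points at the daemon not detecting AppArmor, whereas MISMATCH means a profile was recorded but never applied to the process.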