From d7ccae072e231aab8f2b4529e97d748d23546776 Mon Sep 17 00:00:00 2001
From: Simon Fels
Date: Wed, 12 Apr 2017 19:13:04 +0200
Subject: [PATCH] Check for AppArmor support before using aa-exec
---
 scripts/container-manager.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/scripts/container-manager.sh b/scripts/container-manager.sh
index 9afaacb..993a150 100755
--- a/scripts/container-manager.sh
+++ b/scripts/container-manager.sh
@@ -28,8 +28,14 @@ start() {
 # Ensure FUSE support for user namespaces is enabled
 echo Y | sudo tee /sys/module/fuse/parameters/userns_mounts || echo "WARNING: kernel doesn't support fuse in user namespaces"
- exec $SNAP/usr/sbin/aa-exec -p unconfined -- \
- $SNAP/bin/anbox-wrapper.sh container-manager \
+ # Only try to use AppArmor when the kernel has support for it
+ AA_EXEC="$SNAP/usr/sbin/aa-exec -p unconfined --"
+ if [ ! -d /sys/kernel/security/apparmor ]; then
+ echo "WARNING: AppArmor support is not available!"
+ AA_EXEC=""
+ fi
+
+ exec $AA_EXEC $SNAP/bin/anbox-wrapper.sh container-manager \
 --data-path=$DATA_PATH \
 --android-image=$ANDROID_IMG
 }
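Review bot: The new `exec $AA_EXEC $SNAP/bin/anbox-wrapper.sh …` line keeps a command in a string and relies on unquoted word splitting to turn it back into arguments, so a `$SNAP`, `$DATA_PATH` or `$ANDROID_IMG` value containing whitespace or glob characters would silently change the argument vector handed to the container manager. Building the command in the positional parameters with `set --` keeps every argument quoted and stays within POSIX sh (the shebang is not visible here, so arrays may not be available). The fence below shows that form and also sends the warning to stderr so it is not mixed into the manager's stdout. Since `exec` replaces the shell, overwriting `$@` has no later effect; the opening lines of `start()` are outside the hunk, so confirm nothing between them and this point reads the function's arguments.

```shell
# … unchanged: FUSE userns_mounts setup …
set -- "$SNAP/bin/anbox-wrapper.sh" container-manager \
	"--data-path=$DATA_PATH" \
	"--android-image=$ANDROID_IMG"
# Only go through aa-exec when the kernel has AppArmor support
if [ -d /sys/kernel/security/apparmor ]; then
	set -- "$SNAP/usr/sbin/aa-exec" -p unconfined -- "$@"
else
	echo "WARNING: AppArmor support is not available!" >&2
fi
exec "$@"
```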