From d9e3cdab8a0da45234029675d0018d7e9c5ff59f Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Sun, 14 Feb 2016 18:06:31 +1100
Subject: [PATCH] apparmor: use correct version for ptrace denial suppression
Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the incorrect version check for >=2.8, when in fact 2.8 deosn't support the required feature.
Signed-off-by: Aleksa Sarai
Upstream-commit: 284d9d451e93baff311b501018cae2097f76b134
Component: engine
---
 components/engine/profiles/apparmor/template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
index 2e2594a1e3..db867b9def 100644
--- a/components/engine/profiles/apparmor/template.go
+++ b/components/engine/profiles/apparmor/template.go
@@ -38,7 +38,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 deny /sys/firmware/efi/efivars/** rwklx,
 deny /sys/kernel/security/** rwklx,
-{{if ge .Version 208000}}
+{{if ge .Version 208095}}
 # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
 ptrace (trace,read) peer=docker-default,
 {{end}}
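Review bot: The threshold on the new `{{if ge .Version 208095}}` line is a bare magic number, and nothing in the template records that it stands for 2.8.95 or why that value was picked rather than 2.9. The reason given in the commit message (Ubuntu ships apparmor_parser 2.9 labelled "2.8.95", and 2.8 itself does not support the feature) should sit next to the check, so that a later cleanup does not round it back down to 208000 and bring back the behaviour this commit removes. A template comment keeps it out of the generated profile: `{{/* 208095 = 2.8.95: Ubuntu's apparmor_parser 2.9 reports itself as 2.8.95; 2.8 proper lacks ptrace rule support */}}`. How `.Version` is encoded is not visible in this hunk, so check the wording against the code that computes it. The template string begins and ends outside the hunk.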