author | Daniel J Walsh <dwalsh@redhat.com> | 2019-05-20 09:11:12 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-05-20 09:11:16 -0400 |
commit | db218e7162c25bda03df31cb1a950aa6a765b0f2 (patch) | |
tree | ca96a33361b75b0d7bd7a644771c3e7c1dc9d734 | |
parent | a83edf23ac8fb12f8787ead5257b35425e1996d6 (diff) | |
Don't set apparmor if --privileged
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c2c5e0900..df303db6d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -268,7 +268,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 // SECURITY OPTS
 g.SetProcessNoNewPrivileges(config.NoNewPrivs)
- g.SetProcessApparmorProfile(config.ApparmorProfile)
+ if !config.Privileged {
+ g.SetProcessApparmorProfile(config.ApparmorProfile)
+ }
 blockAccessToKernelFilesystems(config, &g)
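Review bot: The new `if !config.Privileged` guard discards `config.ApparmorProfile` for every privileged container without any signal. As far as this hunk shows, that includes a profile the user requested explicitly, so a caller who combines the two options ends up unconfined with no indication. The guard should either reject or log that combination when `config.ApparmorProfile != ""`, or at minimum carry a comment stating the intent, for example `// Privileged containers run without an AppArmor profile; a configured profile is intentionally ignored.` Where `ApparmorProfile` is populated (default versus user-supplied) is not visible here, so confirm whether the two cases can be told apart at this point. The body of `createConfigToOCISpec` starts and ends outside the hunk, and the change comes without a test for the privileged path.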