summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@suse.com>2018-08-09 10:41:24 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-09 12:25:15 +0000
commit4c63fcc59ab348e43169c777d037ec01277f1980 (patch)
tree424b8744081c38da1d151dace7b9a098cb9a10a1
parente9b23f7cca7bb91c27d8df117679ade545c8356e (diff)
downloadpodman-4c63fcc59ab348e43169c777d037ec01277f1980.tar.gz
podman-4c63fcc59ab348e43169c777d037ec01277f1980.tar.bz2
podman-4c63fcc59ab348e43169c777d037ec01277f1980.zip
apparmor: respect "unconfined" setting
The "unconfined" profile must be treated specially to turn off apparmor confinement and to avoid applying any other profile. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1241 Approved by: mheon
-rw-r--r--cmd/podman/create.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 92ce249e0..ad6f53b55 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -231,7 +231,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile)
config.ApparmorProfile = profile
}
- } else if config.ApparmorProfile != "" {
+ } else if config.ApparmorProfile != "" && config.ApparmorProfile != "unconfined" {
if !apparmor.IsEnabled() {
return fmt.Errorf("profile specified but AppArmor is disabled on the host")
}