diff options
author | Valentin Rothberg <vrothberg@suse.com> | 2018-08-09 10:41:24 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-09 12:25:15 +0000 |
commit | 4c63fcc59ab348e43169c777d037ec01277f1980 (patch) | |
tree | 424b8744081c38da1d151dace7b9a098cb9a10a1 | |
parent | e9b23f7cca7bb91c27d8df117679ade545c8356e (diff) | |
download | podman-4c63fcc59ab348e43169c777d037ec01277f1980.tar.gz podman-4c63fcc59ab348e43169c777d037ec01277f1980.tar.bz2 podman-4c63fcc59ab348e43169c777d037ec01277f1980.zip |
apparmor: respect "unconfined" setting
The "unconfined" profile must be treated specially to turn off apparmor
confinement and to avoid applying any other profile.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1241
Approved by: mheon
-rw-r--r-- | cmd/podman/create.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 92ce249e0..ad6f53b55 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -231,7 +231,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error { logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile) config.ApparmorProfile = profile } - } else if config.ApparmorProfile != "" { + } else if config.ApparmorProfile != "" && config.ApparmorProfile != "unconfined" { if !apparmor.IsEnabled() { return fmt.Errorf("profile specified but AppArmor is disabled on the host") } |