authorValentin Rothberg <rothberg@redhat.com>2019-06-14 17:33:47 +0200
committerValentin Rothberg <rothberg@redhat.com>2019-06-14 17:37:16 +0200
commite61117676034209b6bdfe97a649afae221a080a7 (patch)
tree4e49d7509c7678b6ddcc8c3c191648b3768251a9
parent1322b41aa09d9cd9c4a51a7b69ff0e92df37a90b (diff)
pkg/apparmor: fix when AA is disabled
Do not try to load the default profile when AppArmor is disabled on the host. Fixes: #3331 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--pkg/apparmor/apparmor_linux.go9
1 files changed, 7 insertions, 2 deletions
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 2c5022c1f..0d01f41e9 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -225,8 +225,13 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
}
}
- if name != "" && !runcaa.IsEnabled() {
- return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name)
+ // Check if AppArmor is disabled and error out if a profile is to be set.
+ if !runcaa.IsEnabled() {
+ if name == "" {
+ return "", nil
+ } else {
+ return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name)
+ }
}
// If the specified name is not empty or is not a default libpod one,
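Review bot: In the new `if !runcaa.IsEnabled()` block, the `name == ""` branch returns `"", nil` without leaving any trace, so on a host with AppArmor disabled the caller gets an empty profile name and presumably starts the container with no AppArmor confinement. The added comment covers only the error case; I would reword it to `// If AppArmor is disabled, fail when a profile was requested; otherwise return an empty profile, i.e. no AppArmor confinement is applied.` and consider a debug-level log entry on that path so the missing confinement is visible to operators. The `else` after the terminating `return "", nil` is also redundant: drop `} else {` and leave the `fmt.Errorf` return un-indented after the inner `if`, which keeps the block flat. CheckProfileAndLoadDefault starts before and continues after this hunk, so how callers treat the empty result cannot be confirmed from here.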