authorDaniel J Walsh <dwalsh@redhat.com>2019-05-20 09:11:12 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2019-05-20 09:11:16 -0400
commitdb218e7162c25bda03df31cb1a950aa6a765b0f2 (patch)
treeca96a33361b75b0d7bd7a644771c3e7c1dc9d734
parenta83edf23ac8fb12f8787ead5257b35425e1996d6 (diff)
Don't set apparmor if --priviliged
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--pkg/spec/spec.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c2c5e0900..df303db6d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -268,7 +268,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
// SECURITY OPTS
g.SetProcessNoNewPrivileges(config.NoNewPrivs)
- g.SetProcessApparmorProfile(config.ApparmorProfile)
+ if !config.Privileged {
+ g.SetProcessApparmorProfile(config.ApparmorProfile)
+ }
blockAccessToKernelFilesystems(config, &g)
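Review bot: With the new `if !config.Privileged` guard, a non-empty `config.ApparmorProfile` is dropped without any signal, so a caller who asks for both a privileged container and an explicit AppArmor profile gets no confinement and no indication that the profile was ignored. If that field can carry a user-chosen profile (not visible in this hunk), the combination should either be rejected or logged as a warning before the guard, rather than silently skipped. At minimum the guard deserves a why-comment, e.g. `// Privileged containers run without AppArmor confinement, so config.ApparmorProfile is deliberately not applied.` createConfigToOCISpec starts and ends outside this hunk, so whether the conflict is validated earlier cannot be seen here.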