summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-06-14 21:24:53 +0200
committerGitHub <noreply@github.com>2019-06-14 21:24:53 +0200
commit4a450d55d95fbd02e45206c6c3ef7637d5c49656 (patch)
tree40410b46b21685d28eedb4be8b1bccd16f846892
parent4c849a79ead9447826af650f1511a2ae9c42b50a (diff)
parente61117676034209b6bdfe97a649afae221a080a7 (diff)
downloadpodman-4a450d55d95fbd02e45206c6c3ef7637d5c49656.tar.gz
podman-4a450d55d95fbd02e45206c6c3ef7637d5c49656.tar.bz2
podman-4a450d55d95fbd02e45206c6c3ef7637d5c49656.zip
Merge pull request #3334 from vrothberg/fix-3331
pkg/apparmor: fix when AA is disabled
-rw-r--r--pkg/apparmor/apparmor_linux.go9
1 files changed, 7 insertions, 2 deletions
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 2c5022c1f..0d01f41e9 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -225,8 +225,13 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
}
}
- if name != "" && !runcaa.IsEnabled() {
- return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name)
+ // Check if AppArmor is disabled and error out if a profile is to be set.
+ if !runcaa.IsEnabled() {
+ if name == "" {
+ return "", nil
+ } else {
+ return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name)
+ }
}
// If the specified name is not empty or is not a default libpod one,