Merge pull request #3164 from rhatdan/apparmor

Don't set apparmor if --priviliged
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2019-05-20 17:05:08 +0200
committer: GitHub <noreply@github.com> 2019-05-20 17:05:08 +0200
commit: 27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555 (patch)
tree: 47c8795e07017e2afdefdd20a264052139979339
parent: 18a953918e1d15aded713f9802865807bd25a1e0 (diff)
parent: db218e7162c25bda03df31cb1a950aa6a765b0f2 (diff)
download: podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.tar.gz
podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.tar.bz2
podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c2c5e0900..df303db6d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -268,7 +268,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 	// SECURITY OPTS
 	g.SetProcessNoNewPrivileges(config.NoNewPrivs)
 
-	g.SetProcessApparmorProfile(config.ApparmorProfile)
+	if !config.Privileged {
+		g.SetProcessApparmorProfile(config.ApparmorProfile)
+	}
 
 	blockAccessToKernelFilesystems(config, &g)
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2019-05-20 17:05:08 +0200
committer	GitHub <noreply@github.com>	2019-05-20 17:05:08 +0200
commit	27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555 (patch)
tree	47c8795e07017e2afdefdd20a264052139979339
parent	18a953918e1d15aded713f9802865807bd25a1e0 (diff)
parent	db218e7162c25bda03df31cb1a950aa6a765b0f2 (diff)
download	podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.tar.gz podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.tar.bz2 podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.zip