author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-07-11 13:21:15 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-11 13:21:15 +0200 |
commit | 88b8d2829ced423593f40030c04662ee596740b7 (patch) | |
tree | 4f2aa35c726b4e81633a6a08cbdad3dfa0ca8dca /cmd | |
parent | a4e080fd2a98f8c0275c34f5ebba984239634fa3 (diff) | |
parent | b3f15c09cd94f5a92544b7b8c7eb4e74ef8e76d3 (diff) | |
Merge pull request #6932 from rhafer/aa_priv
Don't set up AppArmor profile for privileged pods
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/common/specgen.go | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index eca0da32b..96aeb08f4 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -525,8 +525,10 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1])
 s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=")
 case "apparmor":
- s.ContainerSecurityConfig.ApparmorProfile = con[1]
- s.Annotations[define.InspectAnnotationApparmor] = con[1]
+ if !c.Privileged {
+ s.ContainerSecurityConfig.ApparmorProfile = con[1]
+ s.Annotations[define.InspectAnnotationApparmor] = con[1]
+ }
 case "seccomp":
 s.SeccompProfilePath = con[1]
 s.Annotations[define.InspectAnnotationSeccomp] = con[1] |
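Review bot: In the `case "apparmor":` branch, an explicit `apparmor=<profile>` security option is now dropped without any message when `c.Privileged` is set, so an operator who asked for a profile on a privileged container gets neither the profile nor a hint that the request was ignored. At minimum the guard deserves a why-comment such as `// privileged containers get no AppArmor profile; an explicit apparmor= option is ignored`. Preferably an `else` branch would surface the conflict as a warning or an error, so the loss of confinement is visible at creation time and not only through the missing inspect annotation. The neighbouring `label` and `seccomp` cases still apply their values regardless of `c.Privileged`; whether they are neutralised later for privileged containers cannot be seen from this hunk and is worth confirming for consistency. `FillOutSpecGen` starts and ends outside the hunk.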