authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-01-30 11:23:05 +0100
committerGitHub <noreply@github.com>2019-01-30 11:23:05 +0100
commitb01ec95bda1f0398e62be85aeade70f2e6a1ca8d (patch)
treec768302438a4dd019bab007c51c3698affb56be7 /pkg/apparmor
parent76019c31f535c6473e5f7d645cf42ca4477e2c33 (diff)
parent18b7009754df560d6debcba6123888af62b6e3e0 (diff)
Merge pull request #2225 from cevich/enable_apparmor
Cirrus: Enable AppArmor build and test
Diffstat (limited to 'pkg/apparmor')
-rw-r--r--pkg/apparmor/apparmor_linux.go13
1 files changed, 10 insertions, 3 deletions
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 0787b3fa5..2c5022c1f 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -214,8 +214,15 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
return name, nil
}
- if name != "" && rootless.IsRootless() {
- return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
+ // AppArmor is not supported in rootless mode as it requires root
+ // privileges. Return an error in case a specific profile is specified.
+ if rootless.IsRootless() {
+ if name != "" {
+ return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
+ } else {
+ logrus.Debug("skipping loading default AppArmor profile (rootless mode)")
+ return "", nil
+ }
}
if name != "" && !runcaa.IsEnabled() {
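Review bot: In the new `if rootless.IsRootless()` branch, the empty-name case returns `"", nil` and reports it only through `logrus.Debug`, so at the default log level nothing shows that the default AppArmor profile was skipped and the container presumably runs without it. Consider raising this to `logrus.Info` and stating in the doc comment of CheckProfileAndLoadDefault that an empty profile name with a nil error means no profile is applied, so callers do not read it as the default having been loaded. The `else` after the terminating `return` is also redundant; the `logrus.Debug` and `return "", nil` lines can follow the inner `if` directly. The function body starts and ends outside this hunk, so how callers treat the empty name cannot be confirmed from here.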
@@ -230,7 +237,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
return "", err
}
if !isLoaded {
- return "", fmt.Errorf("AppArmor profile %q specified but not loaded")
+ return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name)
}
return name, nil
}
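Review bot: The corrected `fmt.Errorf` call is the only error in the visible parts of this function that is not built with the `errors` package used for `errors.Wrapf` in the previous hunk. If that is github.com/pkg/errors (the import block is not visible here), `errors.Errorf("AppArmor profile %q specified but not loaded", name)` would keep the error style consistent. The missing format argument fixed here is the kind of mistake the `go vet` printf check reports, so it is worth confirming that vet runs on this package in CI.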