diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-05-20 17:05:08 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-20 17:05:08 +0200 |
commit | 27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555 (patch) | |
tree | 47c8795e07017e2afdefdd20a264052139979339 /pkg/spec/spec.go | |
parent | 18a953918e1d15aded713f9802865807bd25a1e0 (diff) | |
parent | db218e7162c25bda03df31cb1a950aa6a765b0f2 (diff) | |
download | podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.tar.gz podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.tar.bz2 podman-27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555.zip |
Merge pull request #3164 from rhatdan/apparmor
Don't set apparmor if --priviliged
Diffstat (limited to 'pkg/spec/spec.go')
-rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index c2c5e0900..df303db6d 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -268,7 +268,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM // SECURITY OPTS g.SetProcessNoNewPrivileges(config.NoNewPrivs) - g.SetProcessApparmorProfile(config.ApparmorProfile) + if !config.Privileged { + g.SetProcessApparmorProfile(config.ApparmorProfile) + } blockAccessToKernelFilesystems(config, &g) |