authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-05-20 17:05:08 +0200
committerGitHub <noreply@github.com>2019-05-20 17:05:08 +0200
commit27f9e23a0b9ec8d9ba7ac98b66b422f7825a6555 (patch)
tree47c8795e07017e2afdefdd20a264052139979339 /pkg/spec/spec.go
parent18a953918e1d15aded713f9802865807bd25a1e0 (diff)
parentdb218e7162c25bda03df31cb1a950aa6a765b0f2 (diff)
Merge pull request #3164 from rhatdan/apparmor
Don't set apparmor if --privileged
Diffstat (limited to 'pkg/spec/spec.go')
-rw-r--r--pkg/spec/spec.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c2c5e0900..df303db6d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -268,7 +268,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
// SECURITY OPTS
g.SetProcessNoNewPrivileges(config.NoNewPrivs)
- g.SetProcessApparmorProfile(config.ApparmorProfile)
+ if !config.Privileged {
+ g.SetProcessApparmorProfile(config.ApparmorProfile)
+ }
blockAccessToKernelFilesystems(config, &g)
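Review bot: With the new `if !config.Privileged` guard, a non-empty `config.ApparmorProfile` is dropped silently when the container is privileged, so a caller who sets both gets no AppArmor confinement and no indication of it. Whether that combination is rejected earlier is not visible in this hunk; if it is not, either return an error for it during config validation or log that the requested profile was ignored. At minimum the guard deserves a why-comment such as `// Privileged containers are left unconfined by AppArmor; config.ApparmorProfile is intentionally not applied.` The body of createConfigToOCISpec starts and ends outside the hunk.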