diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-01-10 03:34:54 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-10 03:34:54 -0800 |
| commit | 64627d910b2113fa2de6b949d846af379e75e305 (patch) | |
| tree | d555591919d240a25827eb3737446260c04496e0 /pkg/spec | |
| parent | 0f6535cf6b4bfac265983c2fdd3482310ab4f39b (diff) | |
| parent | edb285d17675061832aceaf72021b87aba149438 (diff) | |
| download | podman-64627d910b2113fa2de6b949d846af379e75e305.tar.gz podman-64627d910b2113fa2de6b949d846af379e75e305.tar.bz2 podman-64627d910b2113fa2de6b949d846af379e75e305.zip | |
Merge pull request #2114 from vrothberg/issue-2107
apparmor: apply default profile at container initialization
Diffstat (limited to 'pkg/spec')
| -rw-r--r-- | pkg/spec/spec.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index ffa999730..9ef0223f2 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -252,6 +252,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } // SECURITY OPTS g.SetProcessNoNewPrivileges(config.NoNewPrivs) + g.SetProcessApparmorProfile(config.ApparmorProfile) blockAccessToKernelFilesystems(config, &g) |