Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go12
-rw-r--r--libpod/container_top_linux.go5
-rw-r--r--libpod/pod_top_linux.go4
3 files changed, 14 insertions, 7 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index c5e404155..f25f76092 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -25,7 +25,7 @@ import (
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/libpod/pkg/resolvconf"
"github.com/containers/libpod/pkg/rootless"
- "github.com/cyphar/filepath-securejoin"
+ securejoin "github.com/cyphar/filepath-securejoin"
"github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
@@ -188,11 +188,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
// Apply AppArmor checks and load the default profile if needed.
- updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
- if err != nil {
- return nil, err
+ if !c.config.Privileged {
+ updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
+ if err != nil {
+ return nil, err
+ }
+ g.SetProcessApparmorProfile(updatedProfile)
}
- g.SetProcessApparmorProfile(updatedProfile)
if err := c.makeBindMounts(); err != nil {
return nil, err
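Review bot: The new `if !c.config.Privileged` guard skips both `apparmor.CheckProfileAndLoadDefault` and `g.SetProcessApparmorProfile` for every privileged container, including one whose spec names an explicit `ApparmorProfile`, while the comment above it still reads as if the check always runs. That profile is no longer validated or loaded here, and whether it is still applied depends on how `g` was initialised, which is outside the hunk. If only the default profile is meant to be dropped, narrowing the condition to `if !c.config.Privileged || c.config.Spec.Process.ApparmorProfile != "" {` would keep an explicitly requested profile checked. Either way the comment should state the decision, e.g. `// Privileged containers skip the AppArmor check; no default profile is loaded for them.` generateSpec starts and ends outside the hunk.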
diff --git a/libpod/container_top_linux.go b/libpod/container_top_linux.go
index 392a7029e..2e0e83c05 100644
--- a/libpod/container_top_linux.go
+++ b/libpod/container_top_linux.go
@@ -6,6 +6,7 @@ import (
"strconv"
"strings"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/psgo"
"github.com/pkg/errors"
)
@@ -47,7 +48,9 @@ func (c *Container) GetContainerPidInformation(descriptors []string) ([]string,
// filters on the data. We need to change the API here and the
// varlink API to return a [][]string if we want to make use of
// filtering.
- psgoOutput, err := psgo.JoinNamespaceAndProcessInfo(pid, descriptors)
+ opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
+
+ psgoOutput, err := psgo.JoinNamespaceAndProcessInfoWithOptions(pid, descriptors, &opts)
if err != nil {
return nil, err
}
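Review bot: Nothing at the new `opts` line says why `FillMappings` is tied to `rootless.IsRootless()`, and the same uncommented pair is added to `GetPodPidInformation` in libpod/pod_top_linux.go. Namespace joining now behaves differently for root and rootless callers, so a reader auditing the top path needs the reason stated above both assignments, for example `// Rootless: have psgo fill the ID mappings from the current user namespace before joining the container's namespaces.` (wording to be confirmed against psgo's documentation of the option). Building the value as `opts := &psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}` would also drop the separate `&opts` at the call. The function body continues outside the hunk.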
diff --git a/libpod/pod_top_linux.go b/libpod/pod_top_linux.go
index f49e28c9d..e08e5e83a 100644
--- a/libpod/pod_top_linux.go
+++ b/libpod/pod_top_linux.go
@@ -6,6 +6,7 @@ import (
"strconv"
"strings"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/psgo"
)
@@ -43,7 +44,8 @@ func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) {
// filters on the data. We need to change the API here and the
// varlink API to return a [][]string if we want to make use of
// filtering.
- output, err := psgo.JoinNamespaceAndProcessInfoByPids(pids, descriptors)
+ opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
+ output, err := psgo.JoinNamespaceAndProcessInfoByPidsWithOptions(pids, descriptors, &opts)
if err != nil {
return nil, err
}