From db218e7162c25bda03df31cb1a950aa6a765b0f2 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 20 May 2019 09:11:12 -0400
Subject: Don't set apparmor if --priviliged
Signed-off-by: Daniel J Walsh
---
 pkg/spec/spec.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c2c5e0900..df303db6d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -268,7 +268,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 // SECURITY OPTS
 g.SetProcessNoNewPrivileges(config.NoNewPrivs)
- g.SetProcessApparmorProfile(config.ApparmorProfile)
+ if !config.Privileged {
+ g.SetProcessApparmorProfile(config.ApparmorProfile)
+ }
 blockAccessToKernelFilesystems(config, &g)
-- 
cgit v1.2.3-54-g00ecf
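Review bot: The new `if !config.Privileged` guard discards `config.ApparmorProfile` without any trace, so a caller that sets both the privileged flag and an explicit AppArmor profile ends up with no profile applied and no error or warning. Whether the field at this point holds only an explicit request or also a default is not visible in the hunk, so the smallest safe step is to state the intent above the guard, e.g. `// Privileged containers run without an AppArmor profile; config.ApparmorProfile is intentionally ignored here.` If an explicitly requested profile can reach this code, the combination would be better rejected or warned about where the options are validated than dropped silently here. createConfigToOCISpec starts and ends outside the hunk.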