From 4c63fcc59ab348e43169c777d037ec01277f1980 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Thu, 9 Aug 2018 10:41:24 +0200
Subject: apparmor: respect "unconfined" setting
The "unconfined" profile must be treated specially to turn off apparmor confinement and to avoid applying any other profile.
Signed-off-by: Valentin Rothberg
Closes: #1241
Approved by: mheon
---
 cmd/podman/create.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'cmd')
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 92ce249e0..ad6f53b55 100644
--- cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -231,7 +231,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
 logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile)
 config.ApparmorProfile = profile
 }
- } else if config.ApparmorProfile != "" {
+ } else if config.ApparmorProfile != "" && config.ApparmorProfile != "unconfined" {
 if !apparmor.IsEnabled() {
 return fmt.Errorf("profile specified but AppArmor is disabled on the host")
 }
-- cgit v1.2.3-54-g00ecf
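Review bot: The added `config.ApparmorProfile != "unconfined"` condition on the `else if` skips the `apparmor.IsEnabled()` check and all profile handling silently, so a container created with AppArmor confinement turned off leaves no trace in the logs that distinguishes it from one with no profile set. Because this is a deliberate reduction in confinement, I would record it in a dedicated branch ahead of this one, for example `} else if config.ApparmorProfile == "unconfined" { logrus.Infof("AppArmor confinement disabled: profile 'unconfined' requested")`. The comparison is an exact, case-sensitive match on a bare literal; a named constant with a comment such as `// "unconfined" means: apply no AppArmor profile at all` would keep this check and whatever later consumes `config.ApparmorProfile` in agreement. The leading `if` of this chain and the rest of parseSecurityOpt are outside the hunk, so how the value is used afterwards cannot be confirmed from here.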