From 1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <rothberg@redhat.com>
Date: Wed, 22 Dec 2021 13:28:36 +0100
Subject: container creation: don't apply reserved annotations from image

Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.

Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
---
 pkg/specgen/generate/container.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'pkg/specgen')

diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 40a18a6ac..57676db10 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -156,7 +156,9 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 
 		// Add annotations from the image
 		for k, v := range inspectData.Annotations {
-			annotations[k] = v
+			if !define.IsReservedAnnotation(k) {
+				annotations[k] = v
+			}
 		}
 	}
 
-- 
cgit v1.2.3-54-g00ecf