containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

apparmor: respect "unconfined" setting 

The "unconfined" profile must be treated specially to turn off apparmor
confinement and to avoid applying any other profile.

Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

Closes: #1241
Approved by: mheon
This commit is contained in:
Valentin Rothberg 2018-08-09 10:41:24 +02:00 committed by Atomic Bot
parent e9b23f7cca
commit 4c63fcc59a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/podman/create.go
View File

@ -231,7 +231,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile) logrus.Infof("Sucessfully loaded AppAmor profile '%s'", profile)
config.ApparmorProfile = profile config.ApparmorProfile = profile
} }
} else if config.ApparmorProfile != "" { } else if config.ApparmorProfile != "" && config.ApparmorProfile != "unconfined" {
if !apparmor.IsEnabled() { if !apparmor.IsEnabled() {
return fmt.Errorf("profile specified but AppArmor is disabled on the host") return fmt.Errorf("profile specified but AppArmor is disabled on the host")
} }