github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #322 from miaoyq/fix-314

Browse Source 
Update kubernetes version to the PR#52395 and support `unconfined` apparmor
This commit is contained in:
Lantao Liu
2017-10-04 10:49:56 -07:00
committed by GitHub
parent cfa7acf1f6 9f656cdda4
commit 23b8330b44
8 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/server/container_create.go
View File

@@ -786,7 +786,7 @@ func generateApparmorSpecOpts(apparmorProf string, privileged, apparmorEnabled b
if !apparmorEnabled {
// Should fail loudly if user try to specify apparmor profile
// but we don't support it.
if apparmorProf != "" {
if apparmorProf != "" && apparmorProf != unconfinedProfile {
return nil, fmt.Errorf("apparmor is not supported")
}
return nil, nil
@@ -795,7 +795,8 @@ func generateApparmorSpecOpts(apparmorProf string, privileged, apparmorEnabled b
case runtimeDefault:
// TODO (mikebrow): delete created apparmor default profile
return apparmor.WithDefaultProfile(appArmorDefaultProfileName), nil
// TODO(random-liu): Should support "unconfined" after kubernetes#52395 lands.
case unconfinedProfile:
return nil, nil
case "":
// Based on kubernetes#51746, default apparmor profile should be applied
// for non-privileged container when apparmor is not specified.