In general it could be possible that init containers deploy security
profiles. The existing AppArmor pre-validation would block the complete
workload without this patch being applied. If we now schedule a
workload which contains an unconfined init container, then we will skip
the validation. The underlying container runtime will fail if the
profile is not available after the execution of the init container.
This synchronizes the overall behavior with seccomp.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
