Skip to content

Commit

Permalink
Merge pull request #6201 from tengqm/apparmor-unconfined
Browse files Browse the repository at this point in the history 
Document the unconfined profile for AppArmor
  • Loading branch information
@tengqm
tengqm authored Nov 8, 2017
2 parents 3169e4f + 07e5c8b commit c0a712a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/tutorials/clusters/apparmor.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ specifies the profile to apply. The `profile_ref` can be one of:
* `runtime/default` to apply the runtime's default profile
* `localhost/<profile_name>` to apply the profile loaded on the host with the name `<profile_name>`
* `unconfined` to indicate that no profiles will be loaded

See the [API Reference](#api-reference) for the full details on the annotation and profile name formats.

Expand Down Expand Up @@ -410,6 +411,7 @@ Specifying the profile a container will run with:
- `localhost/<profile_name>`: Refers to a profile loaded on the node (localhost) by name.
- The possible profile names are detailed in the
[core policy reference](http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Profile_names_and_attachment_specifications).
- `unconfined`: This effectively disables AppArmor on the container.
Any other profile reference format is invalid.
Expand Down

0 comments on commit c0a712a

Please sign in to comment.