From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Wed, 6 Jan 2016 19:45:38 +0000 (-0800)
Subject: apparmor: recognize 'unconfined' as unconfined.
X-Git-Tag: lxc-2.0.0.beta2~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=919a04ed23662e3ca041f5392a1ff3ca78468aee;p=thirdparty%2Flxc.git

apparmor: recognize 'unconfined' as unconfined.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index 43a093e3d..9d8122405 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -150,8 +150,10 @@ static bool aa_stacking_supported(void) {
 static bool in_aa_confined_container(void) {
 	char *p = apparmor_process_label_get(getpid());
 	bool ret = false;
-	if (p && strcmp(p, "/usr/bin/lxc-start") != 0)
+	if (p && strcmp(p, "/usr/bin/lxc-start") != 0 && strcmp(p, "unconfined") != 0) {
+		INFO("Already apparmor-confined under %s", p);
 		ret = true;
+	}
 	free(p);
 	return ret;
 }
@@ -191,7 +193,6 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf
 			ERROR("already apparmor confined, but new label requested.");
 			return -1;
 		}
-		INFO("Already apparmor-confined");
 		return 0;
 	}