apparmor: recognize 'unconfined' as unconfined.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index 43a093e3d57eee6688b71737b8ed5e2e7c989a6f..9d81224051f431ffbc04ceb30df6ac3dae7761e8 100644 (file)
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -150,8 +150,10 @@ static bool aa_stacking_supported(void) {
 static bool in_aa_confined_container(void) {
        char *p = apparmor_process_label_get(getpid());
        bool ret = false;
-       if (p && strcmp(p, "/usr/bin/lxc-start") != 0)
+       if (p && strcmp(p, "/usr/bin/lxc-start") != 0 && strcmp(p, "unconfined") != 0) {
+               INFO("Already apparmor-confined under %s", p);
                ret = true;
+       }
        free(p);
        return ret;
 }
@@ -191,7 +193,6 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf
                        ERROR("already apparmor confined, but new label requested.");
                        return -1;
                }
-               INFO("Already apparmor-confined");
                return 0;
        }