Sometimes --privileged is too much and capabilities are not enough. This configuration option allow you to set a custom apparmor profile for a container to e.g. get elevated /proc permissions. It can also effectively disable apparmor by setting the value to unconfined.
Sometimes
--privileged
is too much and capabilities are not enough. This configuration option allow you to set a custom apparmor profile for a container to e.g. get elevated/proc
permissions. It can also effectively disable apparmor by setting the value tounconfined
.