Stay organized with collections
Save and categorize content based on your preferences.
Using a custom AppArmor profile
AppArmor lets a system administrator
restrict capabilities of a deployed container by using custom profiles. In some cases,
you might have to apply a custom profile to your deployed container to customize
its capabilities.
To customize the AppArmor profile:
Create the profile on the cluster where you are deploying your migrated container.
See the AppArmor documentation
for more information.
Edit the deployment_spec.yaml file to add the HC_APPARMOR_PROFILE environment
variable with the name of the AppArmor profile:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Using a custom AppArmor profile\n===============================\n\n[AppArmor](https://apparmor.net/) lets a system administrator\nrestrict capabilities of a deployed container by using custom profiles. In some cases,\nyou might have to apply a custom profile to your deployed container to customize\nits capabilities.\n\nTo customize the AppArmor profile:\n\n1. Create the profile on the cluster where you are deploying your migrated container.\n See the [AppArmor](https://apparmor.net/) documentation\n for more information.\n\n2. Edit the `deployment_spec.yaml` file to add the `HC_APPARMOR_PROFILE` environment\n variable with the name of the AppArmor profile:\n\n spec:\n containers:\n - image: gcr.io/my-project/my-container:v1.0.0\n name: my-container\n env:\n - name: HC_APPARMOR_PROFILE\n value: \"apparmor-profile-name\"\n securityContext:\n privileged: true\n ...\n\n See [Reviewing generated deployment files](/migrate/containers/docs/review-deployment-files) for more\n on editing `deployment_spec.yaml`."]]