Using a custom AppArmor profile

AppArmor lets a system administrator restrict capabilities of a deployed container by using custom profiles. In some cases, you might have to apply a custom profile to your deployed container to customize its capabilities.

To customize the AppArmor profile:

  1. Create the profile on the cluster where you are deploying your migrated container. See the AppArmor documentation for more information.

  2. Edit the deployment_spec.yaml file to add the HC_APPARMOR_PROFILE environment variable with the name of the AppArmor profile:

      - image:
        name: my-container
        - name: HC_APPARMOR_PROFILE
          value: "apparmor-profile-name"
          privileged: true

    See Reviewing generated deployment files for more on editing deployment_spec.yaml.