containerd
diff --git a/‎pkg/server/container_create.go‎
Lines changed: 3 additions & 2 deletions b/‎pkg/server/container_create.go‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎pkg/server/container_create_test.go‎
Lines changed: 11 additions & 0 deletions b/‎pkg/server/container_create_test.go‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎vendor.conf‎
Lines changed: 1 addition & 1 deletion b/‎vendor.conf‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/k8s.io/kubernetes/README.md‎
Lines changed: 1 addition & 1 deletion b/‎vendor/k8s.io/kubernetes/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/k8s.io/kubernetes/pkg/api/types.go‎
Lines changed: 1 addition & 1 deletion b/‎vendor/k8s.io/kubernetes/pkg/api/types.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/k8s.io/kubernetes/pkg/api/zz_generated.deepcopy.go‎
Lines changed: 9 additions & 1 deletion b/‎vendor/k8s.io/kubernetes/pkg/api/zz_generated.deepcopy.go‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go‎
Lines changed: 1 addition & 0 deletions b/‎vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.proto‎
Lines changed: 1 addition & 0 deletions b/‎vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.proto‎
Lines changed: 1 addition & 0 deletions
@@ -786,7 +786,7 @@ func generateApparmorSpecOpts(apparmorProf string, privileged, apparmorEnabled b
 	if !apparmorEnabled {
 		// Should fail loudly if user try to specify apparmor profile
 		// but we don't support it.
-		if apparmorProf != "" {
+		if apparmorProf != "" && apparmorProf != unconfinedProfile {
 			return nil, fmt.Errorf("apparmor is not supported")
 		}
 		return nil, nil
@@ -795,7 +795,8 @@ func generateApparmorSpecOpts(apparmorProf string, privileged, apparmorEnabled b
 	case runtimeDefault:
 		// TODO (mikebrow): delete created apparmor default profile
 		return apparmor.WithDefaultProfile(appArmorDefaultProfileName), nil
-	// TODO(random-liu): Should support "unconfined" after kubernetes#52395 lands.
+	case unconfinedProfile:
+		return nil, nil
 	case "":
 		// Based on kubernetes#51746, default apparmor profile should be applied
 		// for non-privileged container when apparmor is not specified.
 
@@ -809,6 +809,17 @@ func TestGenerateApparmorSpecOpts(t *testing.T) {
 			profile:    "",
 			privileged: true,
 		},
+		"should not return error if apparmor is unconfined when apparmor is not supported": {
+			profile: unconfinedProfile,
+			disable: true,
+		},
+		"should not apparmor when apparmor is unconfined": {
+			profile: unconfinedProfile,
+		},
+		"should not apparmor when apparmor is unconfined and privileged is true": {
+			profile:    unconfinedProfile,
+			privileged: true,
+		},
 		"should set default apparmor when apparmor is runtime/default": {
 			profile:  runtimeDefault,
 			specOpts: apparmor.WithDefaultProfile(appArmorDefaultProfileName),
 
@@ -64,5 +64,5 @@ k8s.io/apimachinery 4fd33e5925599d66528ef4f1a5c80f4aa2e27c98
 k8s.io/apiserver c1e53d745d0fe45bf7d5d44697e6eface25fceca
 k8s.io/client-go 82aa063804cf055e16e8911250f888bc216e8b61
 k8s.io/kube-openapi abfc5fbe1cf87ee697db107fdfd24c32fe4397a8
-k8s.io/kubernetes v1.8.0
+k8s.io/kubernetes 5e96f7cae900f71389f3fa291aa307169a44a65a
 k8s.io/utils 4fe312863be2155a7b68acd2aff1c9221b24e68c