rootfs: apparmor=unconfined is needed for non Red Hat host OSes

This is not needed for Fedora, RHEL, and CentOS, but it is required when
using any other host OS.  Having --security-opt apparmor=unconfined used
unconditionally is a no go as it'd break podman.

The reason this was only added when building for SUSE (as target distro)
was because debian and ubuntu condition would fall-through the switch to
the suse case (which makes me think that the fall-through was not
accidental).

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

tools/osbuilder/rootfs-builder/rootfs.sh

@@ -196,10 +196,23 @@ docker_extra_args()
 		args+=" -v ${gentoo_local_portage_dir}:/usr/portage/packages"
 		args+=" --volumes-from ${gentoo_portage_container}"
 		;;
-	suse)
-		# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
-		# See https://github.com/moby/moby/issues/16429
-		args+=" --security-opt apparmor=unconfined"
+        debian | ubuntu | suse)
+		source /etc/os-release
+
+		case "$ID" in
+                fedora | centos | rhel)
+			# Depending on the podman version, we'll face issues when passing
+		        # `--security-opt apparmor=unconfined` on a system where not apparmor is not installed.
+			# Because of this, let's just avoid adding this option when the host OS comes from Red Hat.
+
+			# A explict check for podman, at least for now, can be avoided.
+			;;
+		*)
+			# When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
+			# See https://github.com/moby/moby/issues/16429
+			args+=" --security-opt apparmor=unconfined"
+			;;
+		esac
 		;;
 	*)
 		;;