diff --git a/pkg/security/apparmor/validate.go b/pkg/security/apparmor/validate.go
index 35d9a337f09..23b637e535e 100644
--- a/pkg/security/apparmor/validate.go
+++ b/pkg/security/apparmor/validate.go
@@ -81,11 +81,14 @@ func (v *validator) Validate(pod *v1.Pod) error {
 return retErr
 }
+// ValidateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
+// Note, this is intentionally only check the host at kubelet startup and never re-evaluates the host
+// as the expectation is that the kubelet restart will be needed to enable or disable AppArmor support.
 func (v *validator) ValidateHost() error {
 return v.validateHostErr
 }
-// Verify that the host and runtime is capable of enforcing AppArmor profiles.
+// validateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
 func validateHost() error {
 // Check feature-gates
 if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {
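Review bot: The new doc comment on `ValidateHost` is ungrammatical ("this is intentionally only check the host") and does not spell out what the caching means for callers. The method only returns the stored `validateHostErr`, which is presumably set once from `validateHost()` where the validator is constructed (that assignment is outside this hunk). A nil result therefore describes the host at kubelet startup, not its current state, and callers using it to admit pods should not read it as a live check. I would write it as `// ValidateHost reports whether the host and runtime were capable of enforcing AppArmor profiles when the kubelet started.` followed by `// The result is cached and never re-evaluated; a kubelet restart is needed to pick up AppArmor being enabled or disabled on the host.` The comment on `validateHost` should also read "host and runtime are"; that function's body continues past the end of the hunk.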