From 44159dfc3230c687229258496ffbe4f7889d5b03 Mon Sep 17 00:00:00 2001
From: Sergey Kanzhelev <S.Kanzhelev@live.com>
Date: Tue, 14 Mar 2023 18:35:01 +0000
Subject: [PATCH] AppArmor no reevaluation of host is needed

---
 pkg/security/apparmor/validate.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/security/apparmor/validate.go b/pkg/security/apparmor/validate.go
index 35d9a337f09..23b637e535e 100644
--- a/pkg/security/apparmor/validate.go
+++ b/pkg/security/apparmor/validate.go
@@ -81,11 +81,14 @@ func (v *validator) Validate(pod *v1.Pod) error {
 	return retErr
 }
 
+// ValidateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
+// Note, this is intentionally only check the host at kubelet startup and never re-evaluates the host
+// as the expectation is that the kubelet restart will be needed to enable or disable AppArmor support.
 func (v *validator) ValidateHost() error {
 	return v.validateHostErr
 }
 
-// Verify that the host and runtime is capable of enforcing AppArmor profiles.
+// validateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
 func validateHost() error {
 	// Check feature-gates
 	if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {