@maciek-borzecki the parser can change its behavior based on a few things.
1. The kernel it's built against. This would not change behavior when run in a container vs at system level.
2. If a feature-file is specified, via --features-file, --policy-features, or --kernel-features. This allows overriding the normal policy and kernel examination that the parser does when compiling policy.
3. If /sys/kernel/security/apparmor/features is not available. The parser will fall back to an old set of features available in a kernel before the kernel module started exporting what the kernel module supports on the running kernel.