diff --git a/_service b/_service
index 75d631d..29fcae9 100644
--- a/_service
+++ b/_service
@@ -4,8 +4,8 @@
https://github.com/containers/libpod.git
git
podman
-0.11.1.1
-v0.11.1.1
+1.0.0
+v1.0.0
@@ -16,8 +16,8 @@
https://github.com/kubernetes-sigs/cri-o.git
git
conmon
-git.%H
-4cd5a7c60349be0678d9f1b0657683324c1a2726
+1.13.0
+v1.13.0
diff --git a/conmon-1.13.0.tar.xz b/conmon-1.13.0.tar.xz
new file mode 100644
index 0000000..33d2827
--- /dev/null
+++ b/conmon-1.13.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fafa0bcdbabdad1a78aced77c072d71249e52a9f15d57d4d6ad9d0a9351fd28d
+size 3654876
diff --git a/conmon-git.4cd5a7c60349be0678d9f1b0657683324c1a2726.tar.xz b/conmon-git.4cd5a7c60349be0678d9f1b0657683324c1a2726.tar.xz
deleted file mode 100644
index 891eb9a..0000000
--- a/conmon-git.4cd5a7c60349be0678d9f1b0657683324c1a2726.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:64694fcb54f084bb8e5562ba1bf9c109e4b42d602e6be604111f0c6aef610fd3
-size 3826976
diff --git a/containers-libpod-pull-2225.diff b/containers-libpod-pull-2225.diff
new file mode 100644
index 0000000..dee6ea5
--- /dev/null
+++ b/containers-libpod-pull-2225.diff
@@ -0,0 +1,123 @@
+diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
+index 627864f47..58c8af289 100755
+--- a/contrib/cirrus/integration_test.sh
++++ b/contrib/cirrus/integration_test.sh
+@@ -17,9 +17,9 @@ set -x
+ cd "$GOSRC"
+ case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
+ ubuntu-18)
+- make install PREFIX=/usr ETCDIR=/etc "BUILDTAGS=$BUILDTAGS"
+- make test-binaries "BUILDTAGS=$BUILDTAGS"
+- SKIP_USERNS=1 make localintegration "BUILDTAGS=$BUILDTAGS"
++ make install PREFIX=/usr ETCDIR=/etc
++ make test-binaries
++ SKIP_USERNS=1 make localintegration
+ ;;
+ fedora-29) ;& # Continue to the next item
+ fedora-28) ;&
+diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
+index 32b2c91a5..39e6c7699 100644
+--- a/contrib/cirrus/lib.sh
++++ b/contrib/cirrus/lib.sh
+@@ -199,7 +199,7 @@ install_runc_from_git(){
+ cd "$DEST"
+ ooe.sh git fetch origin --tags
+ ooe.sh git checkout -q "$RUNC_COMMIT"
+- ooe.sh make static BUILDTAGS="seccomp selinux"
++ ooe.sh make static BUILDTAGS="seccomp apparmor selinux"
+ sudo install -m 755 runc /usr/bin/runc
+ cd $wd
+ }
+diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
+index bcfe7e396..838f3c3f3 100755
+--- a/contrib/cirrus/setup_environment.sh
++++ b/contrib/cirrus/setup_environment.sh
+@@ -57,7 +57,6 @@ then
+ ubuntu-18)
+ # Always install runc on Ubuntu
+ install_runc_from_git
+- envstr='export BUILDTAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/ostree_tag.sh) varlink exclude_graphdriver_devicemapper"'
+ ;;
+ fedora-29) ;& # Continue to the next item
+ fedora-28)
+@@ -67,11 +66,9 @@ then
+ ;& # Continue to the next item
+ centos-7) ;&
+ rhel-7)
+- envstr='unset BUILDTAGS' # Use default from Makefile
+ ;;
+ *) bad_os_id_ver ;;
+ esac
+- X=$(echo "$envstr" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
+
+ # Do the same for golang env. vars
+ go env | while read envline
+diff --git a/contrib/cirrus/system_test.sh b/contrib/cirrus/system_test.sh
+index 66974f8c6..cb179407a 100755
+--- a/contrib/cirrus/system_test.sh
++++ b/contrib/cirrus/system_test.sh
+@@ -15,12 +15,9 @@ set -x
+ cd "$GOSRC"
+
+ case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
+- ubuntu-18)
+- make install.tools "BUILDTAGS=$BUILDTAGS"
+- make "BUILDTAGS=$BUILDTAGS"
+- make test-binaries "BUILDTAGS=$BUILDTAGS"
+- ;;
++ ubuntu-18) ;& # Continue to the next item
+ fedora-28) ;&
++ fedora-29) ;&
+ centos-7) ;&
+ rhel-7)
+ make install.tools
+diff --git a/contrib/cirrus/unit_test.sh b/contrib/cirrus/unit_test.sh
+index 15403b7a7..fd9e82509 100755
+--- a/contrib/cirrus/unit_test.sh
++++ b/contrib/cirrus/unit_test.sh
+@@ -16,12 +16,8 @@ clean_env
+ set -x
+ cd "$GOSRC"
+ case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
+- ubuntu-18)
+- make install.tools "BUILDTAGS=$BUILDTAGS"
+- make localunit "BUILDTAGS=$BUILDTAGS"
+- make "BUILDTAGS=$BUILDTAGS"
+- ;;
+- fedora-29) ;& # Continue to the next item
++ ubuntu-18) ;& # Continue to the next item
++ fedora-29) ;&
+ fedora-28) ;&
+ centos-7) ;&
+ rhel-7)
+diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
+index 0787b3fa5..2c5022c1f 100644
+--- a/pkg/apparmor/apparmor_linux.go
++++ b/pkg/apparmor/apparmor_linux.go
+@@ -214,8 +214,15 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
+ return name, nil
+ }
+
+- if name != "" && rootless.IsRootless() {
+- return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
++ // AppArmor is not supported in rootless mode as it requires root
++ // privileges. Return an error in case a specific profile is specified.
++ if rootless.IsRootless() {
++ if name != "" {
++ return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
++ } else {
++ logrus.Debug("skipping loading default AppArmor profile (rootless mode)")
++ return "", nil
++ }
+ }
+
+ if name != "" && !runcaa.IsEnabled() {
+@@ -230,7 +237,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
+ return "", err
+ }
+ if !isLoaded {
+- return "", fmt.Errorf("AppArmor profile %q specified but not loaded")
++ return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name)
+ }
+ return name, nil
+ }
diff --git a/podman-1.0.0.tar.xz b/podman-1.0.0.tar.xz
index bc368a7..19bd551 100644
--- a/podman-1.0.0.tar.xz
+++ b/podman-1.0.0.tar.xz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:d442a103023accfc2b100313d16a47065b15a7e688422be1f5705a870c1b0e1e
-size 3509240
+oid sha256:7a68eb431257f0f3408236fe5f00c72fe3a563b37f97407d3443875f7d7d1424
+size 3449692
diff --git a/podman.changes b/podman.changes
index 2b7b342..31527d9 100644
--- a/podman.changes
+++ b/podman.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Jan 30 22:57:51 UTC 2019 - Duncan Mac-Vicar
+
+- Fix rootless mode with AppArmor
+ https://github.com/containers/libpod/pull/2225
+ Add patch containers-libpod-pull-2225.diff
+
+-------------------------------------------------------------------
+Mon Jan 28 10:32:38 UTC 2019 - Richard Brown
+
+- Stop using conmon from random git commits, use cri-o releases
+- Update to conmon from cri-o v1.13.0
+ * Solve gh#containers/libpod#527
+- Tidy up .gitignore files from podman-1.0.0.tar.xz
+
-------------------------------------------------------------------
Thu Jan 17 11:44:58 UTC 2019 - Jordi Massaguer
diff --git a/podman.spec b/podman.spec
index 7afe3f5..1e0c2a9 100644
--- a/podman.spec
+++ b/podman.spec
@@ -18,7 +18,7 @@
%define project github.com/containers/libpod
%define conmon_project github.com/kubernetes-sigs/cri-o
-%define conmon_commit 4cd5a7c60349be0678d9f1b0657683324c1a2726
+%define conmonver 1.13.0
# Build with libostree-devel in Tumbleweed, Leap 15 and SLES 15
%if 0%{?suse_version} >= 1500
%define with_libostree 1
@@ -31,9 +31,11 @@ License: Apache-2.0
Group: System/Management
Url: https://github.com/containers/libpod
Source0: %{name}-%{version}.tar.xz
-Source1: conmon-git.%{conmon_commit}.tar.xz
+Source1: conmon-%{conmonver}.tar.xz
Source2: libpod.conf
Source3: %{name}-rpmlintrc
+# https://github.com/containers/libpod/pull/2225
+Patch0: containers-libpod-pull-2225.diff
BuildRequires: bash-completion
BuildRequires: cni
BuildRequires: device-mapper-devel
@@ -78,8 +80,9 @@ skopeo, as they all share the same datastore backend.
# unpack conmon into the unpacked podman source
%setup -q -T -D -a 1
mkdir -pv $HOME/go/src/%{conmon_project}
-mv conmon-git.%{conmon_commit}/* $HOME/go/src/%{conmon_project}
-rm -r conmon-git.%{conmon_commit}
+mv conmon-%{conmonver}/* $HOME/go/src/%{conmon_project}
+rm -r conmon-%{conmonver}
+%patch0 -p1
%package cni-config
Summary: Basic CNI configuration for podman