diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 95e6a20b36..d04c67173b 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -160,29 +160,30 @@ func parseSecurityOpt(container *container.Container, config *containertypes.Hos
 	for _, opt := range config.SecurityOpt {
 		if opt == "no-new-privileges" {
 			container.NoNewPrivileges = true
-		} else {
-			var con []string
-			if strings.Contains(opt, "=") {
-				con = strings.SplitN(opt, "=", 2)
-			} else if strings.Contains(opt, ":") {
-				con = strings.SplitN(opt, ":", 2)
-				logrus.Warn("Security options with `:` as a separator are deprecated and will be completely unsupported in 1.13, use `=` instead.")
-			}
+			continue
+		}
 
-			if len(con) != 2 {
-				return fmt.Errorf("Invalid --security-opt 1: %q", opt)
-			}
+		var con []string
+		if strings.Contains(opt, "=") {
+			con = strings.SplitN(opt, "=", 2)
+		} else if strings.Contains(opt, ":") {
+			con = strings.SplitN(opt, ":", 2)
+			logrus.Warn("Security options with `:` as a separator are deprecated and will be completely unsupported in 1.13, use `=` instead.")
+		}
 
-			switch con[0] {
-			case "label":
-				labelOpts = append(labelOpts, con[1])
-			case "apparmor":
-				container.AppArmorProfile = con[1]
-			case "seccomp":
-				container.SeccompProfile = con[1]
-			default:
-				return fmt.Errorf("Invalid --security-opt 2: %q", opt)
-			}
+		if len(con) != 2 {
+			return fmt.Errorf("invalid --security-opt 1: %q", opt)
+		}
+
+		switch con[0] {
+		case "label":
+			labelOpts = append(labelOpts, con[1])
+		case "apparmor":
+			container.AppArmorProfile = con[1]
+		case "seccomp":
+			container.SeccompProfile = con[1]
+		default:
+			return fmt.Errorf("invalid --security-opt 2: %q", opt)
 		}
 	}