apparmor: add DumpDefaultProfile

This function will be used by nerdctl for printing the default AppArmor profile: `nerdctl system inspect apparmor-profile` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-08 17:25:02 +09:00 · 2021-03-08 17:25:02 +09:00 · 0580bd6990
commit 0580bd6990
parent a72fe7da21
2 changed files with 28 additions and 0 deletions
--- a/contrib/apparmor/apparmor.go
+++ b/contrib/apparmor/apparmor.go
@ -19,6 +19,7 @@
 package apparmor

 import (
+	"bytes"
 	"context"
 	"io/ioutil"
 	"os"
@ -79,3 +80,17 @@ func LoadDefaultProfile(name string) error {
 	}
 	return nil
 }
+
+// DumpDefaultProfiles dumps the default profile with the given name.
+func DumpDefaultProfile(name string) (string, error) {
+	p, err := loadData(name)
+	if err != nil {
+		return "", err
+	}
+
+	var buf bytes.Buffer
+	if err := generate(p, &buf); err != nil {
+		return "", err
+	}
+	return buf.String(), nil
+}
--- a/contrib/apparmor/apparmor_test.go
+++ b/contrib/apparmor/apparmor_test.go
@ -104,3 +104,16 @@ Copyright 2009-2018 Canonical Ltd.
 		}
 	}
 }
+
+func TestDumpDefaultProfile(t *testing.T) {
+	if _, err := getVersion(); err != nil {
+		t.Skipf("AppArmor not available: %+v", err)
+	}
+	name := "test-dump-default-profile"
+	prof, err := DumpDefaultProfile(name)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("Generated profile %q", name)
+	t.Log(prof)
+}