apparmor: add DumpDefaultProfile

This function will be used by nerdctl for printing the default AppArmor
profile: `nerdctl system inspect apparmor-profile`

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

contrib/apparmor/apparmor.go

@@ -19,6 +19,7 @@
 package apparmor
 
 import (
+	"bytes"
 	"context"
 	"io/ioutil"
 	"os"
@@ -79,3 +80,17 @@ func LoadDefaultProfile(name string) error {
 	}
 	return nil
 }
+
+// DumpDefaultProfiles dumps the default profile with the given name.
+func DumpDefaultProfile(name string) (string, error) {
+	p, err := loadData(name)
+	if err != nil {
+		return "", err
+	}
+
+	var buf bytes.Buffer
+	if err := generate(p, &buf); err != nil {
+		return "", err
+	}
+	return buf.String(), nil
+}

contrib/apparmor/apparmor_test.go

@@ -104,3 +104,16 @@ Copyright 2009-2018 Canonical Ltd.
 		}
 	}
 }
+
+func TestDumpDefaultProfile(t *testing.T) {
+	if _, err := getVersion(); err != nil {
+		t.Skipf("AppArmor not available: %+v", err)
+	}
+	name := "test-dump-default-profile"
+	prof, err := DumpDefaultProfile(name)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("Generated profile %q", name)
+	t.Log(prof)
+}