From 55eda46b22f985cde99b599e469ff9c13994bf68 Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Mon, 7 Dec 2020 19:12:13 +0900
Subject: [PATCH] expose hostSupportsAppArmor()

Signed-off-by: Akihiro Suda
---
 pkg/{cri/server => apparmor}/apparmor.go | 6 +++---
 pkg/{cri/server => apparmor}/apparmor_unsupported.go | 4 ++--
 pkg/cri/server/helpers_linux.go | 3 ++-
 3 files changed, 7 insertions(+), 6 deletions(-)
 rename pkg/{cri/server => apparmor}/apparmor.go (91%)
 rename pkg/{cri/server => apparmor}/apparmor_unsupported.go (93%)

diff --git a/pkg/cri/server/apparmor.go b/pkg/apparmor/apparmor.go
similarity index 91%
rename from pkg/cri/server/apparmor.go
rename to pkg/apparmor/apparmor.go
index 1e6586d6c..484bccf7e 100644
--- a/pkg/cri/server/apparmor.go
+++ b/pkg/apparmor/apparmor.go
@@ -16,7 +16,7 @@
 limitations under the License.
 */
 
-package server
+package apparmor
 
 import (
 "io/ioutil"
@@ -29,12 +29,12 @@ var (
 checkAppArmor sync.Once
 )
 
-// hostSupportsAppArmor returns true if apparmor is enabled for the host, if
+// HostSupports returns true if apparmor is enabled for the host, if
 // apparmor_parser is enabled, and if we are not running docker-in-docker.
 //
 // It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
 // check for apparmor_parser to be present, or if we're running docker-in-docker.
-func hostSupportsAppArmor() bool {
+func HostSupports() bool {
 checkAppArmor.Do(func() {
 // see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497
 if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
diff --git a/pkg/cri/server/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
similarity index 93%
rename from pkg/cri/server/apparmor_unsupported.go
rename to pkg/apparmor/apparmor_unsupported.go
index a814325c3..68e410d22 100644
--- a/pkg/cri/server/apparmor_unsupported.go
+++ b/pkg/apparmor/apparmor_unsupported.go
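Review bot: The doc comment on the newly exported `HostSupports` still promises a "docker-in-docker" check, while the only related condition visible in this hunk is `os.Getenv("container") == ""`, and the work sits inside `checkAppArmor.Do`, so the answer is presumably computed once per process. Callers outside `pkg/cri/server` can now use this to decide whether an AppArmor profile applies, so the comment should state what actually drives the result, for example `// HostSupports reports whether AppArmor can be used on this host; the result is computed once and cached.` followed by `// Nested-container detection relies on the "container" environment variable being unset.` The function body continues past the end of the hunk, so the apparmor_parser check the comment mentions cannot be confirmed from here.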
@@ -16,9 +16,9 @@
 limitations under the License.
 */
 
-package server
+package apparmor
 
 //nolint: deadcode, unused
-func hostSupportsAppArmor() bool {
+func HostSupports() bool {
 return false
 }
diff --git a/pkg/cri/server/helpers_linux.go b/pkg/cri/server/helpers_linux.go
index 48c9fbfa6..f367865c2 100644
--- a/pkg/cri/server/helpers_linux.go
+++ b/pkg/cri/server/helpers_linux.go
@@ -30,6 +30,7 @@ import (
 
 "github.com/containerd/containerd/log"
 "github.com/containerd/containerd/mount"
+ "github.com/containerd/containerd/pkg/apparmor"
 "github.com/containerd/containerd/pkg/seccomp"
 "github.com/containerd/containerd/pkg/seutil"
 "github.com/opencontainers/runtime-spec/specs-go"
@@ -146,7 +147,7 @@ func (c *criService) apparmorEnabled() bool {
 if c.config.DisableApparmor {
 return false
 }
- return hostSupportsAppArmor()
+ return apparmor.HostSupports()
 }
 
 func (c *criService) seccompEnabled() bool {
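Review bot: The `//nolint: deadcode, unused` directive directly above `func HostSupports() bool` looks stale now that the stub is exported, because those linters normally do not report exported identifiers of a library package; it also leaves the exported function without a doc comment. I would replace the directive with `// HostSupports always returns false in builds where AppArmor is not supported.` The build constraint that selects this file is outside the hunk, so the wording should be checked against it.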