expose hostSupportsAppArmor()

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Akihiro Suda 2020-12-07 19:12:13 +09:00
parent 59a0667cff
commit 55eda46b22
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
3 changed files with 7 additions and 6 deletions


@ -16,7 +16,7 @@
limitations under the License. limitations under the License.
*/ */
package server package apparmor
import ( import (
"io/ioutil" "io/ioutil"
@ -29,12 +29,12 @@ var (
checkAppArmor sync.Once checkAppArmor sync.Once
) )
// hostSupportsAppArmor returns true if apparmor is enabled for the host, if // HostSupports returns true if apparmor is enabled for the host, if
// apparmor_parser is enabled, and if we are not running docker-in-docker. // apparmor_parser is enabled, and if we are not running docker-in-docker.
// //
// It is a modified version of libcontainer/apparmor.IsEnabled(), which does not // It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
// check for apparmor_parser to be present, or if we're running docker-in-docker. // check for apparmor_parser to be present, or if we're running docker-in-docker.
func hostSupportsAppArmor() bool { func HostSupports() bool {
checkAppArmor.Do(func() { checkAppArmor.Do(func() {
// see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497 // see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
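Review bot: The doc comment on the newly exported `HostSupports` leaves out two things that callers outside the original package now depend on. The answer is computed inside `checkAppArmor.Do` and so is fixed for the life of the process, and the "docker-in-docker" test is really the daemon's own `container` environment variable being non-empty. I would add `// The result is computed once per process and cached; a non-empty "container" environment variable makes it return false.` A false return therefore does not distinguish "no AppArmor on this host" from "env var set". Callers that skip confinement on false should presumably log which case applied, so that a silently unconfined workload can be spotted. The function body continues past the end of this hunk.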


@ -16,9 +16,9 @@
limitations under the License. limitations under the License.
*/ */
package server package apparmor
//nolint: deadcode, unused //nolint: deadcode, unused
func hostSupportsAppArmor() bool { func HostSupports() bool {
return false return false
} }
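Review bot: The `//nolint: deadcode, unused` directive above the stub looks stale now that the function is exported as `HostSupports` in its own package. Those linters normally report only unexported identifiers, so the directive probably suppresses nothing and can be dropped. The exported stub also has no doc comment, unlike the other variant of this function. I would replace the directive with `// HostSupports always returns false in this build; AppArmor is not available here.`, so the unconditional `return false` reads as deliberate.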


@ -30,6 +30,7 @@ import (
"github.com/containerd/containerd/log" "github.com/containerd/containerd/log"
"github.com/containerd/containerd/mount" "github.com/containerd/containerd/mount"
"github.com/containerd/containerd/pkg/apparmor"
"github.com/containerd/containerd/pkg/seccomp" "github.com/containerd/containerd/pkg/seccomp"
"github.com/containerd/containerd/pkg/seutil" "github.com/containerd/containerd/pkg/seutil"
"github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-spec/specs-go"
@ -146,7 +147,7 @@ func (c *criService) apparmorEnabled() bool {
if c.config.DisableApparmor { if c.config.DisableApparmor {
return false return false
} }
return hostSupportsAppArmor() return apparmor.HostSupports()
} }
func (c *criService) seccompEnabled() bool { func (c *criService) seccompEnabled() bool {