contrib/apparmor: expose LoadDefaultProfile

Expected to be used by nerdctl: 6026ae740a/internal_oci_hook.go (L170-L180)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

contrib/apparmor/apparmor.go

@@ -41,12 +41,22 @@ func WithProfile(profile string) oci.SpecOpts {
 // for the container.  It is only generated if a profile under that name does not exist.
 func WithDefaultProfile(name string) oci.SpecOpts {
 	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		if err := LoadDefaultProfile(name); err != nil {
+			return err
+		}
+		s.Process.ApparmorProfile = name
+		return nil
+	}
+}
+
+// LoadDefaultProfile ensures the default profile to be loaded with the given name.
+// Returns nil error if the profile is already loaded.
+func LoadDefaultProfile(name string) error {
 	yes, err := isLoaded(name)
 	if err != nil {
 		return err
 	}
 	if yes {
-			s.Process.ApparmorProfile = name
 		return nil
 	}
 	p, err := loadData(name)
@@ -67,7 +77,5 @@ func WithDefaultProfile(name string) oci.SpecOpts {
 	if err := load(path); err != nil {
 		return errors.Wrapf(err, "load apparmor profile %s", path)
 	}
-		s.Process.ApparmorProfile = name
 	return nil
-	}
 }