github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #5519 from wzshiming/fix/dont-check-apparmor-parser

Browse Source 
Don't check for apparmor_parser to be present
This commit is contained in:
Phil Estes 2021-05-20 14:24:07 -04:00 committed by GitHub
commit a0efc54795
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/apparmor/apparmor_linux.go
View File

@ -36,12 +36,10 @@ var (
// check for apparmor_parser to be present, or if we're running docker-in-docker. // check for apparmor_parser to be present, or if we're running docker-in-docker.
func hostSupports() bool { func hostSupports() bool {
checkAppArmor.Do(func() { checkAppArmor.Do(func() {
// see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497 // see https://github.com/opencontainers/runc/blob/0d49470392206f40eaab3b2190a57fe7bb3df458/libcontainer/apparmor/apparmor_linux.go
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
if _, err = os.Stat("/sbin/apparmor_parser"); err == nil { buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") appArmorSupported = err == nil && len(buf) > 1 && buf[0] == 'Y'
appArmorSupported = err == nil && len(buf) > 1 && buf[0] == 'Y'
}
} }
}) })
return appArmorSupported return appArmorSupported