github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #4832 from AkihiroSuda/expose-apparmor-loaddefault

Browse Source 
contrib/apparmor: expose LoadDefaultProfile
This commit is contained in:
Maksym Pavlenko 2020-12-11 11:04:09 -08:00 committed by GitHub
commit c9c1f5cc58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
contrib/apparmor/apparmor.go
View File

@ -41,12 +41,22 @@ func WithProfile(profile string) oci.SpecOpts {
// for the container. It is only generated if a profile under that name does not exist.
func WithDefaultProfile(name string) oci.SpecOpts {
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
if err := LoadDefaultProfile(name); err != nil {
return err
}
s.Process.ApparmorProfile = name
return nil
}
}
// LoadDefaultProfile ensures the default profile to be loaded with the given name.
// Returns nil error if the profile is already loaded.
func LoadDefaultProfile(name string) error {
yes, err := isLoaded(name)
if err != nil {
return err
}
if yes {
s.Process.ApparmorProfile = name
return nil
}
p, err := loadData(name)
@ -67,7 +77,5 @@ func WithDefaultProfile(name string) oci.SpecOpts {
if err := load(path); err != nil {
return errors.Wrapf(err, "load apparmor profile %s", path)
}
s.Process.ApparmorProfile = name
return nil
}
}