AppArmor: runtime check if it's enabled on the host

Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
author: Valentin Rothberg <vrothberg@suse.com> 2018-07-22 17:45:36 +0200
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-07-23 18:11:09 +0000
commit: 8569ed03056ce39e0dc163747089ed4b60b1b9b1 (patch)
tree: d1ab8cbae6dfc8ef27158f0b8890d2bec275e30d /pkg/apparmor/apparmor_linux.go
parent: 2c11e38b24942a18f43cb27d6c5145850a40be54 (diff)
download: podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.gz
podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.bz2
podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 6e8b7f312..a09c5fc44 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -10,8 +10,15 @@ import (
 	"path"
 	"strings"
 	"text/template"
+
+	runcaa "github.com/opencontainers/runc/libcontainer/apparmor"
 )
 
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+	return runcaa.IsEnabled()
+}
+
 // profileData holds information about the given profile for generation.
 type profileData struct {
 	// Name is profile name.
author	Valentin Rothberg <vrothberg@suse.com>	2018-07-22 17:45:36 +0200
committer	Atomic Bot <atomic-devel@projectatomic.io>	2018-07-23 18:11:09 +0000
commit	8569ed03056ce39e0dc163747089ed4b60b1b9b1 (patch)
tree	d1ab8cbae6dfc8ef27158f0b8890d2bec275e30d /pkg/apparmor/apparmor_linux.go
parent	2c11e38b24942a18f43cb27d6c5145850a40be54 (diff)
download	podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.gz podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.bz2 podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.zip