aboutsummaryrefslogtreecommitdiff
path: root/pkg/apparmor
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@suse.com>2018-07-22 17:45:36 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-07-23 18:11:09 +0000
commit8569ed03056ce39e0dc163747089ed4b60b1b9b1 (patch)
treed1ab8cbae6dfc8ef27158f0b8890d2bec275e30d /pkg/apparmor
parent2c11e38b24942a18f43cb27d6c5145850a40be54 (diff)
downloadpodman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.gz
podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.tar.bz2
podman-8569ed03056ce39e0dc163747089ed4b60b1b9b1.zip
AppArmor: runtime check if it's enabled on the host
Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
Diffstat (limited to 'pkg/apparmor')
-rw-r--r--pkg/apparmor/aaparser_test.go3
-rw-r--r--pkg/apparmor/apparmor_linux.go7
-rw-r--r--pkg/apparmor/apparmor_unsupported.go5
3 files changed, 15 insertions, 0 deletions
diff --git a/pkg/apparmor/aaparser_test.go b/pkg/apparmor/aaparser_test.go
index 9d97969c7..296c101ed 100644
--- a/pkg/apparmor/aaparser_test.go
+++ b/pkg/apparmor/aaparser_test.go
@@ -12,6 +12,9 @@ type versionExpected struct {
}
func TestParseVersion(t *testing.T) {
+ if !IsEnabled() {
+ t.Skip("AppArmor disabled: skipping tests")
+ }
versions := []versionExpected{
{
output: `AppArmor parser version 2.10
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 6e8b7f312..a09c5fc44 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -10,8 +10,15 @@ import (
"path"
"strings"
"text/template"
+
+ runcaa "github.com/opencontainers/runc/libcontainer/apparmor"
)
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+ return runcaa.IsEnabled()
+}
+
// profileData holds information about the given profile for generation.
type profileData struct {
// Name is profile name.
diff --git a/pkg/apparmor/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
index 0f1ab9464..df1336b07 100644
--- a/pkg/apparmor/apparmor_unsupported.go
+++ b/pkg/apparmor/apparmor_unsupported.go
@@ -2,6 +2,11 @@
package apparmor
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+ return false
+}
+
// InstallDefault generates a default profile in a temp directory determined by
// os.TempDir(), then loads the profile into the kernel using 'apparmor_parser'.
func InstallDefault(name string) error {