diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-03-17 14:43:10 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-03-18 20:27:25 +0100 |
| commit | ec1651fbf11c4d3d1c792e7f46139ebd96f7ffb2 (patch) | |
| tree | 61606abbce5e8efbf0c1f0c0ff6fe1c785c8a203 /vendor/github.com/opencontainers/runc/libcontainer/apparmor | |
| parent | 77b3a2df645f2548f7bd2da85bbdb17e4de98310 (diff) | |
| download | podman-ec1651fbf11c4d3d1c792e7f46139ebd96f7ffb2.tar.gz podman-ec1651fbf11c4d3d1c792e7f46139ebd96f7ffb2.tar.bz2 podman-ec1651fbf11c4d3d1c792e7f46139ebd96f7ffb2.zip | |
Bump github.com/containers/storage from 1.25.0 to 1.28.0
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.25.0 to 1.28.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.25.0...v1.28.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'vendor/github.com/opencontainers/runc/libcontainer/apparmor')
| -rw-r--r-- | vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go (renamed from vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go) | 20 | ||||
| -rw-r--r-- | vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go (renamed from vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go) | 2 |
2 files changed, 8 insertions, 14 deletions
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go index debfc1e48..73965f12d 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go @@ -1,8 +1,7 @@ -// +build apparmor,linux - package apparmor import ( + "bytes" "fmt" "io/ioutil" "os" @@ -12,11 +11,9 @@ import ( // IsEnabled returns true if apparmor is enabled for the host. func IsEnabled() bool { - if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { - if _, err = os.Stat("/sbin/apparmor_parser"); err == nil { - buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") - return err == nil && len(buf) > 1 && buf[0] == 'Y' - } + if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil { + buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") + return err == nil && bytes.HasPrefix(buf, []byte("Y")) } return false } @@ -24,9 +21,7 @@ func IsEnabled() bool { func setProcAttr(attr, value string) error { // Under AppArmor you can only change your own attr, so use /proc/self/ // instead of /proc/<tid>/ like libapparmor does - path := fmt.Sprintf("/proc/self/attr/%s", attr) - - f, err := os.OpenFile(path, os.O_WRONLY, 0) + f, err := os.OpenFile("/proc/self/attr/"+attr, os.O_WRONLY, 0) if err != nil { return err } @@ -36,14 +31,13 @@ func setProcAttr(attr, value string) error { return err } - _, err = fmt.Fprintf(f, "%s", value) + _, err = f.WriteString(value) return err } // changeOnExec reimplements aa_change_onexec from libapparmor in Go func changeOnExec(name string) error { - value := "exec " + name - if err := setProcAttr("exec", value); err != nil { + if err := setProcAttr("exec", "exec "+name); err != nil { return fmt.Errorf("apparmor failed to apply profile: %s", err) } return nil diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go index d4110cf0b..0bc473f81 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go @@ -1,4 +1,4 @@ -// +build !apparmor !linux +// +build !linux package apparmor |