diff options
| author | Matthew Heon <matthew.heon@gmail.com> | 2018-02-28 16:55:00 -0500 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-03-01 13:20:16 +0000 |
| commit | 72b975ee3bc53b3b657c50a867ce73251a15d16a (patch) | |
| tree | c5f61b8eca8106f9b9a49c1cfed02f8198539ad5 /vendor/github.com/opencontainers/runc/libcontainer/apparmor | |
| parent | b1ae92fa6711de378d3bf0c6553f633f070d68c3 (diff) | |
| download | podman-72b975ee3bc53b3b657c50a867ce73251a15d16a.tar.gz podman-72b975ee3bc53b3b657c50a867ce73251a15d16a.tar.bz2 podman-72b975ee3bc53b3b657c50a867ce73251a15d16a.zip | |
Remove unused runc files
We no longer use runc code to read network I/O usage. This lets
us remove a lot of vendored code.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #425
Approved by: rhatdan
Diffstat (limited to 'vendor/github.com/opencontainers/runc/libcontainer/apparmor')
| -rw-r--r-- | vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go | 54 | ||||
| -rw-r--r-- | vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go | 20 |
2 files changed, 0 insertions, 74 deletions
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go deleted file mode 100644 index 7fff0627f..000000000 --- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go +++ /dev/null @@ -1,54 +0,0 @@ -// +build apparmor,linux - -package apparmor - -import ( - "fmt" - "io/ioutil" - "os" -) - -// IsEnabled returns true if apparmor is enabled for the host. -func IsEnabled() bool { - if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { - if _, err = os.Stat("/sbin/apparmor_parser"); err == nil { - buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") - return err == nil && len(buf) > 1 && buf[0] == 'Y' - } - } - return false -} - -func setprocattr(attr, value string) error { - // Under AppArmor you can only change your own attr, so use /proc/self/ - // instead of /proc/<tid>/ like libapparmor does - path := fmt.Sprintf("/proc/self/attr/%s", attr) - - f, err := os.OpenFile(path, os.O_WRONLY, 0) - if err != nil { - return err - } - defer f.Close() - - _, err = fmt.Fprintf(f, "%s", value) - return err -} - -// changeOnExec reimplements aa_change_onexec from libapparmor in Go -func changeOnExec(name string) error { - value := "exec " + name - if err := setprocattr("exec", value); err != nil { - return fmt.Errorf("apparmor failed to apply profile: %s", err) - } - return nil -} - -// ApplyProfile will apply the profile with the specified name to the process after -// the next exec. -func ApplyProfile(name string) error { - if name == "" { - return nil - } - - return changeOnExec(name) -} diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go deleted file mode 100644 index d4110cf0b..000000000 --- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go +++ /dev/null @@ -1,20 +0,0 @@ -// +build !apparmor !linux - -package apparmor - -import ( - "errors" -) - -var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported") - -func IsEnabled() bool { - return false -} - -func ApplyProfile(name string) error { - if name != "" { - return ErrApparmorNotEnabled - } - return nil -} |