| author | dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2021-05-11 06:19:24 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-11 06:19:24 +0000 |
| commit | d71672c57b5e9e41cb526b290b8b3704232e814a (patch) | |
| tree | 04e0bbc73670649bee252a785f7844e195191699 /vendor/github.com/opencontainers/runc/libcontainer/apparmor | |
| parent | 57b642525b674f99835b1abf510d1beef7bc0a23 (diff) | |
Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0-rc93 to 1.0.0-rc94.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Commits](https://github.com/opencontainers/runc/compare/v1.0.0-rc93...v1.0.0-rc94)
Signed-off-by: dependabot[bot] <support@github.com>
Diffstat (limited to 'vendor/github.com/opencontainers/runc/libcontainer/apparmor')
| -rw-r--r-- | vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go
index 73965f12d..5da14fb3b 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go
@@ -1,27 +1,41 @@
 package apparmor
 import (
- "bytes"
+ "errors"
 "fmt"
 "io/ioutil"
 "os"
+ "sync"
 "github.com/opencontainers/runc/libcontainer/utils"
 )
+var (
+ appArmorEnabled bool
+ checkAppArmor sync.Once
+)
+
 // IsEnabled returns true if apparmor is enabled for the host.
 func IsEnabled() bool {
- if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
- buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
- return err == nil && bytes.HasPrefix(buf, []byte("Y"))
- }
- return false
+ checkAppArmor.Do(func() {
+ if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
+ buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+ appArmorEnabled = err == nil && len(buf) > 1 && buf[0] == 'Y'
+ }
+ })
+ return appArmorEnabled
 }
 func setProcAttr(attr, value string) error {
 // Under AppArmor you can only change your own attr, so use /proc/self/
 // instead of /proc/<tid>/ like libapparmor does
- f, err := os.OpenFile("/proc/self/attr/"+attr, os.O_WRONLY, 0)
+ attrPath := "/proc/self/attr/apparmor/" + attr
+ if _, err := os.Stat(attrPath); errors.Is(err, os.ErrNotExist) {
+ // fall back to the old convention
+ attrPath = "/proc/self/attr/" + attr
+ }
+
+ f, err := os.OpenFile(attrPath, os.O_WRONLY, 0)
 if err != nil {
 return err
 } |
