-rw-r--r--Makefile4
-rw-r--r--libpod/container_api.go9
-rw-r--r--pkg/apparmor/apparmor_linux.go13
-rw-r--r--pkg/apparmor/apparmor_linux_test.go17
-rw-r--r--pkg/apparmor/apparmor_unsupported.go5
5 files changed, 43 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index 3c7f9d74b..e155d31d4 100644
--- a/Makefile
+++ b/Makefile
@@ -127,8 +127,8 @@ help:
.gopathok:
ifeq ("$(wildcard $(GOPKGDIR))","")
mkdir -p "$(GOPKGBASEDIR)"
- ln -sf "$(CURDIR)" "$(GOPKGBASEDIR)"
- ln -sf "$(CURDIR)/vendor/github.com/varlink" "$(FIRST_GOPATH)/src/github.com/varlink"
+ ln -sfnT "$(CURDIR)" "$(GOPKGDIR)"
+ ln -sfnT "$(CURDIR)/vendor/github.com/varlink" "$(FIRST_GOPATH)/src/github.com/varlink"
endif
touch $@
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 3577b8e8c..ae181887e 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -305,6 +305,11 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
if err != nil {
if exited {
// If the runtime exited, propagate the error we got from the process.
+ // We need to remove PID files to ensure no memory leaks
+ if err2 := os.Remove(pidFile); err2 != nil {
+ logrus.Errorf("Error removing exit file for container %s exec session %s: %v", c.ID(), sessionID, err2)
+ }
+
return err
}
return errors.Wrapf(err, "timed out waiting for runtime to create pidfile for exec session in container %s", c.ID())
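Review bot: The added `os.Remove(pidFile)` in the `exited` branch runs on the path where waiting for the pidfile failed, so the file has presumably often not been created and a plain not-exist result will be logged as an error. The second hunk has the same problem, because there the removal runs before the `ReadFile` error is checked. Consider `if err2 := os.Remove(pidFile); err2 != nil && !os.IsNotExist(err2) {` in both places. Both log messages also say "exit file" although the path removed is the pidfile, and the comment speaks of memory leaks where the visible code removes a file; `// Remove the pidfile so exec sessions do not leave stale files behind` would match what the code does. `Exec` begins and ends outside both hunks.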
@@ -312,6 +317,10 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
// Pidfile exists, read it
contents, err := ioutil.ReadFile(pidFile)
+ // We need to remove PID files to ensure no memory leaks
+ if err2 := os.Remove(pidFile); err2 != nil {
+ logrus.Errorf("Error removing exit file for container %s exec session %s: %v", c.ID(), sessionID, err2)
+ }
if err != nil {
// We don't know the PID of the exec session
// However, it may still be alive
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 0d01f41e9..479600408 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -4,6 +4,7 @@ package apparmor
import (
"bufio"
+ "bytes"
"fmt"
"io"
"os"
@@ -104,6 +105,18 @@ func InstallDefault(name string) error {
return cmd.Wait()
}
+// DefaultContent returns the default profile content as byte slice. The
+// profile is named as the provided `name`. The function errors if the profile
+// generation fails.
+func DefaultContent(name string) ([]byte, error) {
+ p := profileData{Name: name}
+ var bytes bytes.Buffer
+ if err := p.generateDefault(&bytes); err != nil {
+ return nil, err
+ }
+ return bytes.Bytes(), nil
+}
+
// IsLoaded checks if a profile with the given name has been loaded into the
// kernel.
func IsLoaded(name string) (bool, error) {
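Review bot: The local variable `bytes` in `DefaultContent` shadows the `bytes` package that this commit imports, so the package is unreachable for the rest of the function and `var bytes bytes.Buffer` reads ambiguously. Rename it, for example `var buf bytes.Buffer`, then `p.generateDefault(&buf)` and `return buf.Bytes(), nil`. The doc comment could also state that the function only renders the profile text and, as far as these lines show, loads nothing into the kernel.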
diff --git a/pkg/apparmor/apparmor_linux_test.go b/pkg/apparmor/apparmor_linux_test.go
index ac3260723..e94293d87 100644
--- a/pkg/apparmor/apparmor_linux_test.go
+++ b/pkg/apparmor/apparmor_linux_test.go
@@ -78,10 +78,12 @@ Copyright 2009-2012 Canonical Ltd.
}
}
-func TestInstallDefault(t *testing.T) {
- profile := "libpod-default-testing"
- aapath := "/sys/kernel/security/apparmor/"
+const (
+ aapath = "/sys/kernel/security/apparmor/"
+ profile = "libpod-default-testing"
+)
+func TestInstallDefault(t *testing.T) {
if _, err := os.Stat(aapath); err != nil {
t.Skip("AppArmor isn't available in this environment")
}
@@ -127,3 +129,12 @@ func TestInstallDefault(t *testing.T) {
}
checkLoaded(false)
}
+
+func TestDefaultContent(t *testing.T) {
+ if _, err := os.Stat(aapath); err != nil {
+ t.Skip("AppArmor isn't available in this environment")
+ }
+ if err := DefaultContent(profile); err != nil {
+ t.Fatalf("Couldn't retrieve default AppArmor profile content '%s': %v", profile, err)
+ }
+}
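Review bot: `TestDefaultContent` assigns the result of `DefaultContent(profile)` to a single variable, but the function added in apparmor_linux.go returns `([]byte, error)`, so this test should not compile as written. Use `if _, err := DefaultContent(profile); err != nil {` instead. Better still, keep the returned content and assert that it is non-empty, since the test currently checks nothing about the generated profile.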
diff --git a/pkg/apparmor/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
index b2b4de5f5..13469f1b6 100644
--- a/pkg/apparmor/apparmor_unsupported.go
+++ b/pkg/apparmor/apparmor_unsupported.go
@@ -24,3 +24,8 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
}
return "", ErrApparmorUnsupported
}
+
+// DefaultContent dummy.
+func DefaultContent(name string) ([]byte, error) {
+ return nil, nil
+}
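Review bot: The unsupported-platform `DefaultContent` returns `nil, nil`, so a caller cannot tell missing AppArmor support from a successful call and may go on to use empty profile content. `CheckProfileAndLoadDefault` just above ends with `return "", ErrApparmorUnsupported`, and `return nil, ErrApparmorUnsupported` here would keep the stub consistent with it. The comment `// DefaultContent dummy.` could then read `// DefaultContent is unavailable without AppArmor support and returns ErrApparmorUnsupported.`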