summaryrefslogtreecommitdiff
path: root/pkg/apparmor
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/apparmor')
-rw-r--r--pkg/apparmor/aaparser_test.go3
-rw-r--r--pkg/apparmor/apparmor_linux.go7
-rw-r--r--pkg/apparmor/apparmor_unsupported.go5
3 files changed, 15 insertions, 0 deletions
diff --git a/pkg/apparmor/aaparser_test.go b/pkg/apparmor/aaparser_test.go
index 9d97969c7..296c101ed 100644
--- a/pkg/apparmor/aaparser_test.go
+++ b/pkg/apparmor/aaparser_test.go
@@ -12,6 +12,9 @@ type versionExpected struct {
}
func TestParseVersion(t *testing.T) {
+ if !IsEnabled() {
+ t.Skip("AppArmor disabled: skipping tests")
+ }
versions := []versionExpected{
{
output: `AppArmor parser version 2.10
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 6e8b7f312..a09c5fc44 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -10,8 +10,15 @@ import (
"path"
"strings"
"text/template"
+
+ runcaa "github.com/opencontainers/runc/libcontainer/apparmor"
)
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+ return runcaa.IsEnabled()
+}
+
// profileData holds information about the given profile for generation.
type profileData struct {
// Name is profile name.
diff --git a/pkg/apparmor/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
index 0f1ab9464..df1336b07 100644
--- a/pkg/apparmor/apparmor_unsupported.go
+++ b/pkg/apparmor/apparmor_unsupported.go
@@ -2,6 +2,11 @@
package apparmor
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+ return false
+}
+
// InstallDefault generates a default profile in a temp directory determined by
// os.TempDir(), then loads the profile into the kernel using 'apparmor_parser'.
func InstallDefault(name string) error {