diff options
Diffstat (limited to 'vendor/github.com/opencontainers/runc/libcontainer/apparmor')
3 files changed, 24 insertions, 13 deletions
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go new file mode 100644 index 000000000..4b03d4c71 --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go @@ -0,0 +1,16 @@ +package apparmor + +import "errors" + +var ( + // IsEnabled returns true if apparmor is enabled for the host. + IsEnabled = isEnabled + + // ApplyProfile will apply the profile with the specified name to the process after + // the next exec. It is only supported on Linux and produces an ErrApparmorNotEnabled + // on other platforms. + ApplyProfile = applyProfile + + // ErrApparmorNotEnabled indicates that AppArmor is not enabled or not supported. + ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported") +) diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go index 5da14fb3b..744d4e570 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go @@ -15,8 +15,8 @@ var ( checkAppArmor sync.Once ) -// IsEnabled returns true if apparmor is enabled for the host. -func IsEnabled() bool { +// isEnabled returns true if apparmor is enabled for the host. +func isEnabled() bool { checkAppArmor.Do(func() { if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil { buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") @@ -57,9 +57,10 @@ func changeOnExec(name string) error { return nil } -// ApplyProfile will apply the profile with the specified name to the process after -// the next exec. -func ApplyProfile(name string) error { +// applyProfile will apply the profile with the specified name to the process after +// the next exec. It is only supported on Linux and produces an error on other +// platforms. +func applyProfile(name string) error { if name == "" { return nil } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go index 0bc473f81..1adadafec 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go @@ -2,17 +2,11 @@ package apparmor -import ( - "errors" -) - -var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported") - -func IsEnabled() bool { +func isEnabled() bool { return false } -func ApplyProfile(name string) error { +func applyProfile(name string) error { if name != "" { return ErrApparmorNotEnabled } |