From 8569ed03056ce39e0dc163747089ed4b60b1b9b1 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Sun, 22 Jul 2018 17:45:36 +0200
Subject: AppArmor: runtime check if it's enabled on the host

Check at runtime if AppArmor is enabled on the host.

Signed-off-by: Valentin Rothberg
Closes: #1128
Approved by: mheon
---
 pkg/apparmor/aaparser_test.go | 3 +++
 pkg/apparmor/apparmor_linux.go | 7 +++++++
 pkg/apparmor/apparmor_unsupported.go | 5 +++++
 3 files changed, 15 insertions(+)

(limited to 'pkg')

diff --git a/pkg/apparmor/aaparser_test.go b/pkg/apparmor/aaparser_test.go
index 9d97969c7..296c101ed 100644
--- a/pkg/apparmor/aaparser_test.go
+++ b/pkg/apparmor/aaparser_test.go
@@ -12,6 +12,9 @@ type versionExpected struct {
 }
 
 func TestParseVersion(t *testing.T) {
+ if !IsEnabled() {
+ t.Skip("AppArmor disabled: skipping tests")
+ }
 versions := []versionExpected{
 {
 output: `AppArmor parser version 2.10
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 6e8b7f312..a09c5fc44 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -10,8 +10,15 @@ import (
 "path"
 "strings"
 "text/template"
+
+ runcaa "github.com/opencontainers/runc/libcontainer/apparmor"
 )
 
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+ return runcaa.IsEnabled()
+}
+
 // profileData holds information about the given profile for generation.
 type profileData struct {
 // Name is profile name.
diff --git a/pkg/apparmor/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
index 0f1ab9464..df1336b07 100644
--- a/pkg/apparmor/apparmor_unsupported.go
+++ b/pkg/apparmor/apparmor_unsupported.go
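Review bot: The skip added at the top of `TestParseVersion` in pkg/apparmor/aaparser_test.go turns off a test that, judging by the visible table, feeds canned `AppArmor parser version …` strings to the parser and so looks independent of the host. With this guard the version-parsing logic is only exercised on machines where AppArmor is active, and never on a build that picks up the `apparmor_unsupported.go` stub, where `IsEnabled()` is hard-wired to `false`. If the remainder of the test does not touch the kernel or `apparmor_parser`, I would drop the guard here and keep `if !IsEnabled() { t.Skip(...) }` only in tests that load or query profiles. The function body continues past the end of the hunk, so please confirm nothing further down needs a live AppArmor host.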
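Review bot: The doc comment on `IsEnabled` in pkg/apparmor/apparmor_linux.go promises more than the one-line delegation to `runcaa.IsEnabled()` can guarantee: a `false` from the runc helper may mean AppArmor is off, but it may equally mean the check could not be made (for example if the vendored runc package is compiled without AppArmor support, which is worth confirming against the vendored copy). That distinction matters to any caller that decides whether to apply a confinement profile, because treating `false` as "nothing to enforce" fails open. I would reword the comment along the lines of `// IsEnabled reports whether AppArmor is usable on this host as seen by runc's libcontainer/apparmor. A false result also covers "could not determine"; callers must not treat it as permission to drop an explicitly requested profile.` The same sentence is copied onto the stub in pkg/apparmor/apparmor_unsupported.go, where it should instead say that the function always returns false because this build has no AppArmor support.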
@@ -2,6 +2,11 @@
 
 package apparmor
 
+// IsEnabled returns true if AppArmor is enabled on the host.
+func IsEnabled() bool {
+ return false
+}
+
 // InstallDefault generates a default profile in a temp directory determined by
 // os.TempDir(), then loads the profile into the kernel using 'apparmor_parser'.
 func InstallDefault(name string) error {
-- cgit v1.2.3-54-g00ecf