containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #185 from openSUSE/aa-profiles 

Fix AppArmor profile prefix and name
This commit is contained in:
Daniel J Walsh 2020-06-23 12:47:40 -04:00 committed by GitHub
parent 01d5c39941 4a58c879e2
commit 156821e284
4 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/pkg/apparmor/apparmor.go
View File

@ -2,14 +2,16 @@ package apparmor
import ( import (
"errors" "errors"
"github.com/containers/common/pkg/version"
) )
const ( const (
// ProfilePrefix is used for version-independent presence checks. // ProfilePrefix is used for version-independent presence checks.
ProfilePrefix = "apparmor_profile" ProfilePrefix = "containers-default-"
// Profile default name // Profile default name
Profile = "container-default" Profile = ProfilePrefix + version.Version
) )
var ( var (

9
common/pkg/apparmor/apparmor_linux.go
View File

@ -255,9 +255,11 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
} }
} }
// If the specified name is not empty or is not a default libpod one, if name == "" {
// ignore it and return the name. name = Profile
if name != "" && !strings.HasPrefix(name, ProfilePrefix) { } else if !strings.HasPrefix(name, ProfilePrefix) {
// If the specified name is not a default one, ignore it and return the
// name.
isLoaded, err := IsLoaded(name) isLoaded, err := IsLoaded(name)
if err != nil { if err != nil {
return "", err return "", err
@ -268,7 +270,6 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
return name, nil return name, nil
} }
name = Profile
// To avoid expensive redundant loads on each invocation, check // To avoid expensive redundant loads on each invocation, check
// if it's loaded before installing it. // if it's loaded before installing it.
isLoaded, err := IsLoaded(name) isLoaded, err := IsLoaded(name)

5
common/pkg/config/config_test.go
View File

@ -5,6 +5,7 @@ import (
"sort" "sort"
"strings" "strings"
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/capabilities" "github.com/containers/common/pkg/capabilities"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -22,7 +23,7 @@ var _ = Describe("Config", func() {
// Then // Then
gomega.Expect(err).To(gomega.BeNil()) gomega.Expect(err).To(gomega.BeNil())
gomega.Expect(defaultConfig.Containers.ApparmorProfile).To(gomega.Equal("container-default")) gomega.Expect(defaultConfig.Containers.ApparmorProfile).To(gomega.Equal(apparmor.Profile))
gomega.Expect(defaultConfig.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048)) gomega.Expect(defaultConfig.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
}) })
@ -235,7 +236,7 @@ var _ = Describe("Config", func() {
config, err := NewConfig("") config, err := NewConfig("")
// Then // Then
gomega.Expect(err).To(gomega.BeNil()) gomega.Expect(err).To(gomega.BeNil())
gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("container-default")) gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal(apparmor.Profile))
gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048)) gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
gomega.Expect(config.Containers.Env).To(gomega.BeEquivalentTo(envs)) gomega.Expect(config.Containers.Env).To(gomega.BeEquivalentTo(envs))
gomega.Expect(config.Network.CNIPluginDirs).To(gomega.Equal(pluginDirs)) gomega.Expect(config.Network.CNIPluginDirs).To(gomega.Equal(pluginDirs))

4
common/pkg/version/version.go Normal file
View File

@ -0,0 +1,4 @@
package version
// Version is the version of the build.
const Version = "0.15.0-dev"