[lxc-devel] [lxd/master] lxd/apparmor: Don't fail on missing apparmor

stgraber on Github lxc-bot at linuxcontainers.org
Sun Aug 2 16:26:35 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 526 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200802/4018b73a/attachment.bin>
-------------- next part --------------
From e88d0ea6392fb059a31faedc47c0d3fd77b5deaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 2 Aug 2020 12:25:31 -0400
Subject: [PATCH] lxd/apparmor: Don't fail on missing apparmor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This ensures that all the low-level functions properly handle the lack
of AppArmor support.

The higher level functions can therefore ignore this situation entirely.

Signed-off-by: St├ęphane Graber <stgraber at ubuntu.com>
---
 lxd/apparmor/apparmor.go | 24 ++++++++++++++++++------
 lxd/apparmor/instance.go |  2 +-
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/lxd/apparmor/apparmor.go b/lxd/apparmor/apparmor.go
index 59e1604c3b..374a7ca756 100644
--- a/lxd/apparmor/apparmor.go
+++ b/lxd/apparmor/apparmor.go
@@ -143,7 +143,7 @@ func deleteProfile(state *state.State, name string) error {
 		return nil
 	}
 
-	cacheDir, err := getCacheDir()
+	cacheDir, err := getCacheDir(state)
 	if err != nil {
 		return err
 	}
@@ -167,8 +167,12 @@ func deleteProfile(state *state.State, name string) error {
 }
 
 // parserSupports checks if the parser supports a particular feature.
-func parserSupports(feature string) (bool, error) {
-	ver, err := getVersion()
+func parserSupports(state *state.State, feature string) (bool, error) {
+	if !state.OS.AppArmorAvailable {
+		return false, nil
+	}
+
+	ver, err := getVersion(state)
 	if err != nil {
 		return false, err
 	}
@@ -186,7 +190,11 @@ func parserSupports(feature string) (bool, error) {
 }
 
 // getVersion reads and parses the AppArmor version.
-func getVersion() (*version.DottedVersion, error) {
+func getVersion(state *state.State) (*version.DottedVersion, error) {
+	if !state.OS.AppArmorAvailable {
+		return version.NewDottedVersion("0.0")
+	}
+
 	out, err := shared.RunCommand("apparmor_parser", "--version")
 	if err != nil {
 		return nil, err
@@ -197,10 +205,14 @@ func getVersion() (*version.DottedVersion, error) {
 }
 
 // getCacheDir returns the applicable AppArmor cache directory.
-func getCacheDir() (string, error) {
+func getCacheDir(state *state.State) (string, error) {
 	basePath := filepath.Join(aaPath, "cache")
 
-	ver, err := getVersion()
+	if !state.OS.AppArmorAvailable {
+		return basePath, nil
+	}
+
+	ver, err := getVersion(state)
 	if err != nil {
 		return "", err
 	}
diff --git a/lxd/apparmor/instance.go b/lxd/apparmor/instance.go
index ebb3ff4f25..1a2f9b23b7 100644
--- a/lxd/apparmor/instance.go
+++ b/lxd/apparmor/instance.go
@@ -150,7 +150,7 @@ func instanceProfile(state *state.State, inst instance) (string, error) {
 	}
 
 	// Check for features.
-	unixSupported, err := parserSupports("unix")
+	unixSupported, err := parserSupports(state, "unix")
 	if err != nil {
 		return "", err
 	}


More information about the lxc-devel mailing list