[lxc-devel] [lxd/master] lxd/apparmor: Don't fail on missing apparmor
stgraber on Github
lxc-bot at linuxcontainers.org
Sun Aug 2 16:26:35 UTC 2020
From e88d0ea6392fb059a31faedc47c0d3fd77b5deaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 2 Aug 2020 12:25:31 -0400
Subject: [PATCH] lxd/apparmor: Don't fail on missing apparmor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This ensures that all the low-level functions properly handle the lack
of AppArmor support.
The higher level functions can therefore ignore this situation entirely.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/apparmor/apparmor.go | 24 ++++++++++++++++++------
lxd/apparmor/instance.go | 2 +-
2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/lxd/apparmor/apparmor.go b/lxd/apparmor/apparmor.go
index 59e1604c3b..374a7ca756 100644
--- a/lxd/apparmor/apparmor.go
+++ b/lxd/apparmor/apparmor.go
@@ -143,7 +143,7 @@ func deleteProfile(state *state.State, name string) error {
return nil
}
- cacheDir, err := getCacheDir()
+ cacheDir, err := getCacheDir(state)
if err != nil {
return err
}
@@ -167,8 +167,12 @@ func deleteProfile(state *state.State, name string) error {
}
// parserSupports checks if the parser supports a particular feature.
-func parserSupports(feature string) (bool, error) {
- ver, err := getVersion()
+func parserSupports(state *state.State, feature string) (bool, error) {
+ if !state.OS.AppArmorAvailable {
+ return false, nil
+ }
+
+ ver, err := getVersion(state)
if err != nil {
return false, err
}
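Review bot: With the new guard at the top of parserSupports, a `false` result now means either that the parser lacks the feature or that AppArmor is not available at all, and the doc comment above the function still describes only the first case. I would extend it to `// parserSupports checks if the parser supports a particular feature. It returns false without error when AppArmor is unavailable.` so that a caller such as instanceProfile knows the answer says nothing about the parser on such hosts. The same gap applies to getCacheDir in the later hunk, whose comment does not say that it returns the unversioned base cache path when AppArmor is unavailable. parserSupports continues past the end of this hunk.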
@@ -186,7 +190,11 @@ func parserSupports(feature string) (bool, error) {
}
// getVersion reads and parses the AppArmor version.
-func getVersion() (*version.DottedVersion, error) {
+func getVersion(state *state.State) (*version.DottedVersion, error) {
+ if !state.OS.AppArmorAvailable {
+ return version.NewDottedVersion("0.0")
+ }
+
out, err := shared.RunCommand("apparmor_parser", "--version")
if err != nil {
return nil, err
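Review bot: The fabricated `0.0` returned by the new guard in getVersion cannot be told apart from a parsed version, so any caller that compares versions will silently take its oldest-parser path on a host without AppArmor. Both callers visible in this patch, parserSupports and getCacheDir, return before they reach getVersion in that case, so the guard seems to serve only callers outside the diff; that is inferred from the visible hunks alone. If it stays as a defensive default, the comment should say so, for example `// getVersion reads and parses the AppArmor version. It returns 0.0 without running apparmor_parser when AppArmor is unavailable.` The function body continues outside the hunk.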
@@ -197,10 +205,14 @@ func getVersion() (*version.DottedVersion, error) {
}
// getCacheDir returns the applicable AppArmor cache directory.
-func getCacheDir() (string, error) {
+func getCacheDir(state *state.State) (string, error) {
basePath := filepath.Join(aaPath, "cache")
- ver, err := getVersion()
+ if !state.OS.AppArmorAvailable {
+ return basePath, nil
+ }
+
+ ver, err := getVersion(state)
if err != nil {
return "", err
}
diff --git a/lxd/apparmor/instance.go b/lxd/apparmor/instance.go
index ebb3ff4f25..1a2f9b23b7 100644
--- a/lxd/apparmor/instance.go
+++ b/lxd/apparmor/instance.go
@@ -150,7 +150,7 @@ func instanceProfile(state *state.State, inst instance) (string, error) {
}
// Check for features.
- unixSupported, err := parserSupports("unix")
+ unixSupported, err := parserSupports(state, "unix")
if err != nil {
return "", err
}