Skip to content

Commit

Permalink
Use IsAppArmorEnabled of Kubernetes instead of local one
Browse files Browse the repository at this point in the history
The function is now available so we can use this one instead of our own
implementation.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
  • Loading branch information
saschagrunert committed Aug 21, 2019
1 parent cd664e8 commit 0edbf7f
Show file tree
Hide file tree
Showing 68 changed files with 15,561 additions and 16 deletions.
3 changes: 3 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -570,16 +570,19 @@ k8s.io/kubernetes v1.15.1 h1:bCoCfn9sRFf47U5wn/y6I397hduMEpJ2gh4uN8BUYGI=
k8s.io/kubernetes v1.15.1/go.mod h1:3RE5ikMc73WK+dSxk4pQuQ6ZaJcPXiZX2dj98RcdCuM=
k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20190710032638-4485c6f18cee h1:Pv1KUT8WWWZ9wHx7TH5wfegPdlHE7jUcgd2uTEyz5Z8=
k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20190710032638-4485c6f18cee/go.mod h1:rcBmQEBoKrTUCORrHN/yvdmJPQsGpCEL61sZkMpMX/8=
k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20190710032638-4485c6f18cee h1:Rjp5PVsdNIEGqqRHU2GC0PYREgvZi2bflwTv9u+iZY8=
k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20190710032638-4485c6f18cee/go.mod h1:F6Fl77o501YUXNsJfBI+WAoC0ZcVGbw3FWQYig2Eplw=
k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20190710032638-4485c6f18cee h1:VNiik8VVuTyn3lvS8o6/kA0iQE4s8v9ukCqaRB+bA4s=
k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20190710032638-4485c6f18cee/go.mod h1:ZRwKFnS5pCr5FfuGdHKzAp+wswxz0hFK2TNhXyJu0yk=
k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20190710032638-4485c6f18cee h1:X/qkTA3dFjPHMaNlYcCpMbvHqx9qZY4agFqx3wK0YGM=
k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20190710032638-4485c6f18cee/go.mod h1:MR8Gvr+hMq7Sp+iUZC8K7TrmDqftB95X+HH9M2Fg/gU=
k8s.io/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20190710032638-4485c6f18cee/go.mod h1:dKWyWMnUIiQfD5yrNxeI07y0i6s19N9qnMId+knbLPI=
k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20190710032638-4485c6f18cee h1:+PVF7WJTcmnGYeUK/IZj8g+AQg6cgJii6IkW9T0DkKs=
k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20190710032638-4485c6f18cee/go.mod h1:cqGVyfRWnHvm3qpj/z0rZIczuhfaTNfItPXmIGmVAQQ=
k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20190710032638-4485c6f18cee/go.mod h1:861E8pSdrE1y4su5sU2ybvnPMpymHFWZtnFl75mWktE=
k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20190710032638-4485c6f18cee/go.mod h1:r5Ddw/Lh5GppfYcOPMtWU06QKtXaHj6iPHSZ3RZeJGU=
k8s.io/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20190710032638-4485c6f18cee/go.mod h1:4Gc8gg/oUtfQgnOvrhYAu1AEwEpSzP8er8bKHbjVJBo=
k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20190710032638-4485c6f18cee h1:5gQdAykyZuNp9P5Xz4CCdJHrEmtrnyU1mZWDg18fGE8=
k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20190710032638-4485c6f18cee/go.mod h1:NJRBXyb9zH0JrIobSBvZBoqUyxFXxcm0bN7Qr6MN12k=
k8s.io/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20190710032638-4485c6f18cee h1:krJ35gZghABwsbPPVEddAAdqmNVh3A5DmUtQpdQrgWQ=
k8s.io/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20190710032638-4485c6f18cee/go.mod h1:XhVkf+UgSE74WCOqaILm64WjkLPWKhqQUKS9NAfQezs=
Expand Down
18 changes: 2 additions & 16 deletions pkg/validate/apparmor.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
"github.com/kubernetes-sigs/cri-tools/pkg/framework"
internalapi "k8s.io/cri-api/pkg/apis"
runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
"k8s.io/kubernetes/pkg/security/apparmor"

"github.com/golang/glog"
. "github.com/onsi/ginkgo"
Expand Down Expand Up @@ -58,7 +59,7 @@ var _ = framework.KubeDescribe("AppArmor", func() {
var rc internalapi.RuntimeService
var ic internalapi.ImageManagerService

if isAppArmorEnabled() {
if apparmor.IsAppArmorEnabled() {
BeforeEach(func() {
rc = f.CRIClient.CRIRuntimeClient
ic = f.CRIClient.CRIImageClient
Expand Down Expand Up @@ -177,18 +178,3 @@ func loadTestProfiles() error {
glog.V(2).Infof("Loaded profiles: %v", out)
return nil
}

// isAppArmorEnabled returns true if apparmor is enabled for the host.
// This function is forked from
// https://github.com/opencontainers/runc/blob/1a81e9ab1f138c091fe5c86d0883f87716088527/libcontainer/apparmor/apparmor.go
// to avoid the libapparmor dependency.
// TODO: replace with k8s.io/kubernetes/pkg/security/apparmor when vendor is possible.
func isAppArmorEnabled() bool {
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
return err == nil && len(buf) > 1 && buf[0] == 'Y'
}
}
return false
}
202 changes: 202 additions & 0 deletions vendor/k8s.io/apiextensions-apiserver/LICENSE

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions vendor/k8s.io/apiextensions-apiserver/pkg/features/BUILD

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions vendor/k8s.io/apiextensions-apiserver/pkg/features/OWNERS

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 0edbf7f

Please sign in to comment.