Skip to content

Commit fc51a73

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #509 from openSUSE/apparmor
Use IsAppArmorEnabled of Kubernetes instead of local one
2 parents e95d997 + 0edbf7f commit fc51a73

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

68 files changed

+15561
-16
lines changed

go.sum

+3
Original file line numberDiff line numberDiff line change
@@ -570,16 +570,19 @@ k8s.io/kubernetes v1.15.1 h1:bCoCfn9sRFf47U5wn/y6I397hduMEpJ2gh4uN8BUYGI=
570570
k8s.io/kubernetes v1.15.1/go.mod h1:3RE5ikMc73WK+dSxk4pQuQ6ZaJcPXiZX2dj98RcdCuM=
571571
k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20190710032638-4485c6f18cee h1:Pv1KUT8WWWZ9wHx7TH5wfegPdlHE7jUcgd2uTEyz5Z8=
572572
k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20190710032638-4485c6f18cee/go.mod h1:rcBmQEBoKrTUCORrHN/yvdmJPQsGpCEL61sZkMpMX/8=
573+
k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20190710032638-4485c6f18cee h1:Rjp5PVsdNIEGqqRHU2GC0PYREgvZi2bflwTv9u+iZY8=
573574
k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20190710032638-4485c6f18cee/go.mod h1:F6Fl77o501YUXNsJfBI+WAoC0ZcVGbw3FWQYig2Eplw=
574575
k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20190710032638-4485c6f18cee h1:VNiik8VVuTyn3lvS8o6/kA0iQE4s8v9ukCqaRB+bA4s=
575576
k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20190710032638-4485c6f18cee/go.mod h1:ZRwKFnS5pCr5FfuGdHKzAp+wswxz0hFK2TNhXyJu0yk=
577+
k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20190710032638-4485c6f18cee h1:X/qkTA3dFjPHMaNlYcCpMbvHqx9qZY4agFqx3wK0YGM=
576578
k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20190710032638-4485c6f18cee/go.mod h1:MR8Gvr+hMq7Sp+iUZC8K7TrmDqftB95X+HH9M2Fg/gU=
577579
k8s.io/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20190710032638-4485c6f18cee/go.mod h1:dKWyWMnUIiQfD5yrNxeI07y0i6s19N9qnMId+knbLPI=
578580
k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20190710032638-4485c6f18cee h1:+PVF7WJTcmnGYeUK/IZj8g+AQg6cgJii6IkW9T0DkKs=
579581
k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20190710032638-4485c6f18cee/go.mod h1:cqGVyfRWnHvm3qpj/z0rZIczuhfaTNfItPXmIGmVAQQ=
580582
k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20190710032638-4485c6f18cee/go.mod h1:861E8pSdrE1y4su5sU2ybvnPMpymHFWZtnFl75mWktE=
581583
k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20190710032638-4485c6f18cee/go.mod h1:r5Ddw/Lh5GppfYcOPMtWU06QKtXaHj6iPHSZ3RZeJGU=
582584
k8s.io/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20190710032638-4485c6f18cee/go.mod h1:4Gc8gg/oUtfQgnOvrhYAu1AEwEpSzP8er8bKHbjVJBo=
585+
k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20190710032638-4485c6f18cee h1:5gQdAykyZuNp9P5Xz4CCdJHrEmtrnyU1mZWDg18fGE8=
583586
k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20190710032638-4485c6f18cee/go.mod h1:NJRBXyb9zH0JrIobSBvZBoqUyxFXxcm0bN7Qr6MN12k=
584587
k8s.io/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20190710032638-4485c6f18cee h1:krJ35gZghABwsbPPVEddAAdqmNVh3A5DmUtQpdQrgWQ=
585588
k8s.io/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20190710032638-4485c6f18cee/go.mod h1:XhVkf+UgSE74WCOqaILm64WjkLPWKhqQUKS9NAfQezs=

pkg/validate/apparmor.go

+2-16
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ import (
2727
"github.com/kubernetes-sigs/cri-tools/pkg/framework"
2828
internalapi "k8s.io/cri-api/pkg/apis"
2929
runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
30+
"k8s.io/kubernetes/pkg/security/apparmor"
3031

3132
"github.com/golang/glog"
3233
. "github.com/onsi/ginkgo"
@@ -58,7 +59,7 @@ var _ = framework.KubeDescribe("AppArmor", func() {
5859
var rc internalapi.RuntimeService
5960
var ic internalapi.ImageManagerService
6061

61-
if isAppArmorEnabled() {
62+
if apparmor.IsAppArmorEnabled() {
6263
BeforeEach(func() {
6364
rc = f.CRIClient.CRIRuntimeClient
6465
ic = f.CRIClient.CRIImageClient
@@ -177,18 +178,3 @@ func loadTestProfiles() error {
177178
glog.V(2).Infof("Loaded profiles: %v", out)
178179
return nil
179180
}
180-
181-
// isAppArmorEnabled returns true if apparmor is enabled for the host.
182-
// This function is forked from
183-
// https://github.com/opencontainers/runc/blob/1a81e9ab1f138c091fe5c86d0883f87716088527/libcontainer/apparmor/apparmor.go
184-
// to avoid the libapparmor dependency.
185-
// TODO: replace with k8s.io/kubernetes/pkg/security/apparmor when vendor is possible.
186-
func isAppArmorEnabled() bool {
187-
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
188-
if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
189-
buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
190-
return err == nil && len(buf) > 1 && buf[0] == 'Y'
191-
}
192-
}
193-
return false
194-
}

vendor/k8s.io/apiextensions-apiserver/LICENSE

+202
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/k8s.io/apiextensions-apiserver/pkg/features/BUILD

+30
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/k8s.io/apiextensions-apiserver/pkg/features/OWNERS

+4
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/k8s.io/apiextensions-apiserver/pkg/features/kube_features.go

+77
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)