Use IsAppArmorEnabled of Kubernetes instead of local one

go.sum

@@ -570,16 +570,19 @@ k8s.io/kubernetes v1.15.1 h1:bCoCfn9sRFf47U5wn/y6I397hduMEpJ2gh4uN8BUYGI=
 k8s.io/kubernetes v1.15.1/go.mod h1:3RE5ikMc73WK+dSxk4pQuQ6ZaJcPXiZX2dj98RcdCuM=
 k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20190710032638-4485c6f18cee h1:Pv1KUT8WWWZ9wHx7TH5wfegPdlHE7jUcgd2uTEyz5Z8=
 k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20190710032638-4485c6f18cee/go.mod h1:rcBmQEBoKrTUCORrHN/yvdmJPQsGpCEL61sZkMpMX/8=
+k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20190710032638-4485c6f18cee h1:Rjp5PVsdNIEGqqRHU2GC0PYREgvZi2bflwTv9u+iZY8=
 k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20190710032638-4485c6f18cee/go.mod h1:F6Fl77o501YUXNsJfBI+WAoC0ZcVGbw3FWQYig2Eplw=
 k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20190710032638-4485c6f18cee h1:VNiik8VVuTyn3lvS8o6/kA0iQE4s8v9ukCqaRB+bA4s=
 k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20190710032638-4485c6f18cee/go.mod h1:ZRwKFnS5pCr5FfuGdHKzAp+wswxz0hFK2TNhXyJu0yk=
+k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20190710032638-4485c6f18cee h1:X/qkTA3dFjPHMaNlYcCpMbvHqx9qZY4agFqx3wK0YGM=
 k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20190710032638-4485c6f18cee/go.mod h1:MR8Gvr+hMq7Sp+iUZC8K7TrmDqftB95X+HH9M2Fg/gU=
 k8s.io/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20190710032638-4485c6f18cee/go.mod h1:dKWyWMnUIiQfD5yrNxeI07y0i6s19N9qnMId+knbLPI=
 k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20190710032638-4485c6f18cee h1:+PVF7WJTcmnGYeUK/IZj8g+AQg6cgJii6IkW9T0DkKs=
 k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20190710032638-4485c6f18cee/go.mod h1:cqGVyfRWnHvm3qpj/z0rZIczuhfaTNfItPXmIGmVAQQ=
 k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20190710032638-4485c6f18cee/go.mod h1:861E8pSdrE1y4su5sU2ybvnPMpymHFWZtnFl75mWktE=
 k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20190710032638-4485c6f18cee/go.mod h1:r5Ddw/Lh5GppfYcOPMtWU06QKtXaHj6iPHSZ3RZeJGU=
 k8s.io/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20190710032638-4485c6f18cee/go.mod h1:4Gc8gg/oUtfQgnOvrhYAu1AEwEpSzP8er8bKHbjVJBo=
+k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20190710032638-4485c6f18cee h1:5gQdAykyZuNp9P5Xz4CCdJHrEmtrnyU1mZWDg18fGE8=
 k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20190710032638-4485c6f18cee/go.mod h1:NJRBXyb9zH0JrIobSBvZBoqUyxFXxcm0bN7Qr6MN12k=
 k8s.io/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20190710032638-4485c6f18cee h1:krJ35gZghABwsbPPVEddAAdqmNVh3A5DmUtQpdQrgWQ=
 k8s.io/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20190710032638-4485c6f18cee/go.mod h1:XhVkf+UgSE74WCOqaILm64WjkLPWKhqQUKS9NAfQezs=

pkg/validate/apparmor.go

@@ -27,6 +27,7 @@ import (
 	"github.com/kubernetes-sigs/cri-tools/pkg/framework"
 	internalapi "k8s.io/cri-api/pkg/apis"
 	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
+	"k8s.io/kubernetes/pkg/security/apparmor"
 
 	"github.com/golang/glog"
 	. "github.com/onsi/ginkgo"
@@ -58,7 +59,7 @@ var _ = framework.KubeDescribe("AppArmor", func() {
 	var rc internalapi.RuntimeService
 	var ic internalapi.ImageManagerService
 
-	if isAppArmorEnabled() {
+	if apparmor.IsAppArmorEnabled() {
 		BeforeEach(func() {
 			rc = f.CRIClient.CRIRuntimeClient
 			ic = f.CRIClient.CRIImageClient
@@ -177,18 +178,3 @@ func loadTestProfiles() error {
 	glog.V(2).Infof("Loaded profiles: %v", out)
 	return nil
 }
-
-// isAppArmorEnabled returns true if apparmor is enabled for the host.
-// This function is forked from
-// https://github.com/opencontainers/runc/blob/1a81e9ab1f138c091fe5c86d0883f87716088527/libcontainer/apparmor/apparmor.go
-// to avoid the libapparmor dependency.
-// TODO: replace with k8s.io/kubernetes/pkg/security/apparmor when vendor is possible.
-func isAppArmorEnabled() bool {
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
-		if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
-			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
-			return err == nil && len(buf) > 1 && buf[0] == 'Y'
-		}
-	}
-	return false
-}