Skip to content

Commit 0f043ae

Browse files
AkihiroSudafuweid
AkihiroSuda
and
fuweid
committed
seccomp, apparmor: add go:noinline
Tests in pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline since Go 1.21. e.g., > ``` > === FAIL: pkg/cri/sbserver TestGenerateSeccompSecurityProfileSpecOpts/should_set_default_seccomp_when_seccomp_is_runtime/default (0.00s) > container_create_linux_test.go:1013: > Error Trace: /home/runner/work/containerd/containerd/pkg/cri/sbserver/container_create_linux_test.go:1013 > Error: Not equal: > expected: 0x263d880 > actual : 0x263cbc0 > Test: TestGenerateSeccompSecurityProfileSpecOpts/should_set_default_seccomp_when_seccomp_is_runtime/default > ``` See comments in PR 8957. Thanks to Wei Fu for analyzing this. Co-authored-by: Wei Fu <[email protected]> Signed-off-by: Akihiro Suda <[email protected]>
1 parent 5d9bf7d commit 0f043ae

2 files changed

Lines changed: 15 additions & 0 deletions

File tree

contrib/apparmor/apparmor.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,11 @@ func WithProfile(profile string) oci.SpecOpts {
3939

4040
// WithDefaultProfile will generate a default apparmor profile under the provided name
4141
// for the container. It is only generated if a profile under that name does not exist.
42+
//
43+
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
44+
// since Go 1.21.
45+
//
46+
//go:noinline
4247
func WithDefaultProfile(name string) oci.SpecOpts {
4348
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
4449
if err := LoadDefaultProfile(name); err != nil {

contrib/seccomp/seccomp.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,11 @@ import (
3030
// WithProfile receives the name of a file stored on disk comprising a json
3131
// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
3232
// The profile is read from the file, unmarshaled, and set to the spec.
33+
//
34+
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
35+
// since Go 1.21.
36+
//
37+
//go:noinline
3338
func WithProfile(profile string) oci.SpecOpts {
3439
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
3540
s.Linux.Seccomp = &specs.LinuxSeccomp{}
@@ -46,6 +51,11 @@ func WithProfile(profile string) oci.SpecOpts {
4651

4752
// WithDefaultProfile sets the default seccomp profile to the spec.
4853
// Note: must follow the setting of process capabilities
54+
//
55+
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
56+
// since Go 1.21.
57+
//
58+
//go:noinline
4959
func WithDefaultProfile() oci.SpecOpts {
5060
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
5161
s.Linux.Seccomp = DefaultProfile(s)

0 commit comments

Comments
 (0)