Commit 3a0a35b
committed
Revert "Don't check for apparmor_parser to be present"
This reverts commit 1acca8b.
As stated in the Godoc, this function is intended to check for presence
of `apparmor_parser`. Changing this regressed the public API of
containerd, and directly contradicts the way that this function is
consumed inside of containerd itself:
* https://github.com/containerd/containerd/blob/fdfdc9bfc0f865a43c88171110615d1510fad3bc/pkg/apparmor/apparmor.go#L20
* https://github.com/containerd/containerd/blob/fdfdc9bfc0f865a43c88171110615d1510fad3bc/pkg/cri/sbserver/helpers_linux.go#L85
* https://github.com/containerd/containerd/blob/fdfdc9bfc0f865a43c88171110615d1510fad3bc/pkg/cri/server/helpers_linux.go#L144
This has lead to a number of painful regressions and attempted fixes in
Moby:
* moby/moby#44900
* moby/moby#44902
* moby/moby#44970
While reverting this late into the life of 1.6 and at the start of the
life of 1.7 is likely painful, I think this is ultimately the best path
to take, as containerd is subject to the same failure to start
containers with an AppArmor kernel when `apparmor_parser` is missing as
Moby.
Signed-off-by: Bjorn Neergaard <[email protected]>
(cherry picked from commit a326510)
Signed-off-by: Bjorn Neergaard <[email protected]>1 parent c553746 commit 3a0a35b
1 file changed
Lines changed: 4 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
39 | | - | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
40 | 42 | | |
41 | 43 | | |
42 | 44 | | |
| |||
0 commit comments