expose hostSupportsAppArmor()

AkihiroSuda · AkihiroSuda · commit 55eda46b22f9 · 2020-12-07T19:12:59.000+09:00
Signed-off-by: Akihiro Suda &lt;akihiro.suda.cz@hco.ntt.co.jp&gt;
diff --git a/pkg/apparmor/apparmor.go b/pkg/apparmor/apparmor.go
@@ -16,7 +16,7 @@
    limitations under the License.
 */
 
-package server
+package apparmor
 
 import (
 	"io/ioutil"
@@ -29,12 +29,12 @@ var (
 	checkAppArmor     sync.Once
 )
 
-// hostSupportsAppArmor returns true if apparmor is enabled for the host, if
+// HostSupports returns true if apparmor is enabled for the host, if
 // apparmor_parser is enabled, and if we are not running docker-in-docker.
 //
 // It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
 // check for apparmor_parser to be present, or if we're running docker-in-docker.
-func hostSupportsAppArmor() bool {
+func HostSupports() bool {
 	checkAppArmor.Do(func() {
 		// see https://github.com/docker/docker/commit/de191e86321f7d3136ff42ff75826b8107399497
 		if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
diff --git a/pkg/apparmor/apparmor_unsupported.go b/pkg/apparmor/apparmor_unsupported.go
@@ -16,9 +16,9 @@
    limitations under the License.
 */
 
-package server
+package apparmor
 
 //nolint: deadcode, unused
-func hostSupportsAppArmor() bool {
+func HostSupports() bool {
 	return false
 }
diff --git a/pkg/cri/server/helpers_linux.go b/pkg/cri/server/helpers_linux.go
@@ -30,6 +30,7 @@ import (
 
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/pkg/apparmor"
 	"github.com/containerd/containerd/pkg/seccomp"
 	"github.com/containerd/containerd/pkg/seutil"
 	"github.com/opencontainers/runtime-spec/specs-go"
@@ -146,7 +147,7 @@ func (c *criService) apparmorEnabled() bool {
 	if c.config.DisableApparmor {
 		return false
 	}
-	return hostSupportsAppArmor()
+	return apparmor.HostSupports()
 }
 
 func (c *criService) seccompEnabled() bool {

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ import (`
`30`	`30`
`31`	`31`	`"github.com/containerd/containerd/log"`
`32`	`32`	`"github.com/containerd/containerd/mount"`
	`33`	`+ "github.com/containerd/containerd/pkg/apparmor"`
`33`	`34`	`"github.com/containerd/containerd/pkg/seccomp"`
`34`	`35`	`"github.com/containerd/containerd/pkg/seutil"`
`35`	`36`	`"github.com/opencontainers/runtime-spec/specs-go"`
`@@ -146,7 +147,7 @@ func (c *criService) apparmorEnabled() bool {`
`146`	`147`	`if c.config.DisableApparmor {`
`147`	`148`	`return false`
`148`	`149`	`}`
`149`		`- return hostSupportsAppArmor()`
	`150`	`+ return apparmor.HostSupports()`
`150`	`151`	`}`
`151`	`152`
`152`	`153`	`func (c *criService) seccompEnabled() bool {`