@@ -41,33 +41,41 @@ func WithProfile(profile string) oci.SpecOpts {
4141// for the container. It is only generated if a profile under that name does not exist.
4242func WithDefaultProfile (name string ) oci.SpecOpts {
4343 return func (_ context.Context , _ oci.Client , _ * containers.Container , s * specs.Spec ) error {
44- yes , err := isLoaded (name )
45- if err != nil {
44+ if err := LoadDefaultProfile (name ); err != nil {
4645 return err
4746 }
48- if yes {
49- s .Process .ApparmorProfile = name
50- return nil
51- }
52- p , err := loadData (name )
53- if err != nil {
54- return err
55- }
56- f , err := ioutil .TempFile (os .Getenv ("XDG_RUNTIME_DIR" ), p .Name )
57- if err != nil {
58- return err
59- }
60- defer f .Close ()
61- path := f .Name ()
62- defer os .Remove (path )
63-
64- if err := generate (p , f ); err != nil {
65- return err
66- }
67- if err := load (path ); err != nil {
68- return errors .Wrapf (err , "load apparmor profile %s" , path )
69- }
7047 s .Process .ApparmorProfile = name
7148 return nil
7249 }
7350}
51+
52+ // LoadDefaultProfile ensures the default profile to be loaded with the given name.
53+ // Returns nil error if the profile is already loaded.
54+ func LoadDefaultProfile (name string ) error {
55+ yes , err := isLoaded (name )
56+ if err != nil {
57+ return err
58+ }
59+ if yes {
60+ return nil
61+ }
62+ p , err := loadData (name )
63+ if err != nil {
64+ return err
65+ }
66+ f , err := ioutil .TempFile (os .Getenv ("XDG_RUNTIME_DIR" ), p .Name )
67+ if err != nil {
68+ return err
69+ }
70+ defer f .Close ()
71+ path := f .Name ()
72+ defer os .Remove (path )
73+
74+ if err := generate (p , f ); err != nil {
75+ return err
76+ }
77+ if err := load (path ); err != nil {
78+ return errors .Wrapf (err , "load apparmor profile %s" , path )
79+ }
80+ return nil
81+ }
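Review bot: LoadDefaultProfile is exported by this change, yet its doc comment does not say that it renders the profile to a temporary file under `XDG_RUNTIME_DIR` and hands that path to `load`. When the variable is unset, `os.Getenv` returns an empty string and `ioutil.TempFile` falls back to the system temporary directory, which is usually shared between users; callers of a public function should be told this, e.g. `// The profile is rendered to a temporary file in $XDG_RUNTIME_DIR (or the default temp dir if unset) and removed after loading.` The `isLoaded` check and the later `load` are not serialized in the visible lines, so two concurrent callers can presumably both generate and load the same profile; the comment should state whether that is safe. Only the `load` error is wrapped, so the other returns would be easier to trace with the same treatment, for instance `return errors.Wrapf(err, "generate apparmor profile %s", name)`.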