Skip to content

Commit 9f49691

Browse files
neersightedneersighted
authored
Merge pull request #45043 from neersighted/backport/44982/23.0
[23.0 backport] daemon: fully resolve `apparmor_parser` regression
2 parents bb687c1 + b8c448e commit 9f49691

File tree

12 files changed

+138
-85
lines changed

12 files changed

+138
-85
lines changed

daemon/apparmor_default.go

Lines changed: 1 addition & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,9 @@ package daemon // import "github.com/docker/docker/daemon"
55

66
import (
77
"fmt"
8-
"os"
9-
"sync"
108

119
"github.com/containerd/containerd/pkg/apparmor"
1210
aaprofile "github.com/docker/docker/profiles/apparmor"
13-
"github.com/sirupsen/logrus"
1411
)
1512

1613
// Define constants for native driver
@@ -19,11 +16,6 @@ const (
1916
defaultAppArmorProfile = "docker-default"
2017
)
2118

22-
var (
23-
checkAppArmorOnce sync.Once
24-
isAppArmorAvailable bool
25-
)
26-
2719
// DefaultApparmorProfile returns the name of the default apparmor profile
2820
func DefaultApparmorProfile() string {
2921
if apparmor.HostSupports() {
@@ -33,20 +25,7 @@ func DefaultApparmorProfile() string {
3325
}
3426

3527
func ensureDefaultAppArmorProfile() error {
36-
checkAppArmorOnce.Do(func() {
37-
if apparmor.HostSupports() {
38-
// Restore the apparmor_parser check removed in containerd:
39-
// https://github.com/containerd/containerd/commit/1acca8bba36e99684ee3489ea4a42609194ca6b9
40-
// Fixes: https://github.com/moby/moby/issues/44900
41-
if _, err := os.Stat("/sbin/apparmor_parser"); err == nil {
42-
isAppArmorAvailable = true
43-
} else {
44-
logrus.Warn("AppArmor enabled on system but \"apparmor_parser\" binary is missing, so profile can't be loaded")
45-
}
46-
}
47-
})
48-
49-
if isAppArmorAvailable {
28+
if apparmor.HostSupports() {
5029
loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
5130
if err != nil {
5231
return fmt.Errorf("Could not check if %s AppArmor profile was loaded: %s", defaultAppArmorProfile, err)

vendor.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ require (
1919
github.com/bsphere/le_go v0.0.0-20200109081728-fc06dab2caa8
2020
github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5
2121
github.com/containerd/cgroups v1.0.4
22-
github.com/containerd/containerd v1.6.16
22+
github.com/containerd/containerd v1.6.18
2323
github.com/containerd/continuity v0.3.0
2424
github.com/containerd/fifo v1.0.0
2525
github.com/containerd/typeurl v1.0.2

vendor.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -243,8 +243,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq
243243
github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
244244
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
245245
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
246-
github.com/containerd/containerd v1.6.16 h1:0H5xH6ABsN7XTrxIAKxFpBkFCBtrZ/OSORhCpUnHjrc=
247-
github.com/containerd/containerd v1.6.16/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw=
246+
github.com/containerd/containerd v1.6.18 h1:qZbsLvmyu+Vlty0/Ex5xc0z2YtKpIsb5n45mAMI+2Ns=
247+
github.com/containerd/containerd v1.6.18/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw=
248248
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
249249
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
250250
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=

vendor/github.com/containerd/containerd/Vagrantfile

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/containerd/containerd/api/services/content/v1/content.pb.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/containerd/containerd/images/archive/importer.go

Lines changed: 7 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/containerd/containerd/oci/spec_opts.go

Lines changed: 103 additions & 37 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/containerd/containerd/pkg/apparmor/apparmor.go

Lines changed: 6 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/containerd/containerd/pkg/apparmor/apparmor_linux.go

Lines changed: 6 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)