|
|
@@ -5,6 +5,7 @@ package apparmor
|
|
|
import (
|
|
|
"bufio"
|
|
|
"io"
|
|
|
+ "io/ioutil"
|
|
|
"os"
|
|
|
"path"
|
|
|
"strings"
|
|
|
@@ -16,8 +17,6 @@ import (
|
|
|
var (
|
|
|
// profileDirectory is the file store for apparmor profiles and macros.
|
|
|
profileDirectory = "/etc/apparmor.d"
|
|
|
- // defaultProfilePath is the default path for the apparmor profile to be saved.
|
|
|
- defaultProfilePath = path.Join(profileDirectory, "docker")
|
|
|
)
|
|
|
|
|
|
// profileData holds information about the given profile for generation.
|
|
|
@@ -70,26 +69,26 @@ func macroExists(m string) bool {
|
|
|
// InstallDefault generates a default profile and installs it in the
|
|
|
// ProfileDirectory with `apparmor_parser`.
|
|
|
func InstallDefault(name string) error {
|
|
|
- // Make sure the path where they want to save the profile exists
|
|
|
- if err := os.MkdirAll(profileDirectory, 0755); err != nil {
|
|
|
- return err
|
|
|
- }
|
|
|
-
|
|
|
p := profileData{
|
|
|
Name: name,
|
|
|
}
|
|
|
|
|
|
- f, err := os.OpenFile(defaultProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
|
|
|
+ // Install to a temporary directory.
|
|
|
+ f, err := ioutil.TempFile("", name)
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
+ profilePath := f.Name()
|
|
|
+
|
|
|
+ defer f.Close()
|
|
|
+ defer os.Remove(profilePath)
|
|
|
+
|
|
|
if err := p.generateDefault(f); err != nil {
|
|
|
f.Close()
|
|
|
return err
|
|
|
}
|
|
|
- f.Close()
|
|
|
|
|
|
- if err := aaparser.LoadProfile(defaultProfilePath); err != nil {
|
|
|
+ if err := aaparser.LoadProfile(profilePath); err != nil {
|
|
|
return err
|
|
|
}
|
|
|
|
Aleksa Sarai