
Merge pull request #47005 from thaJeztah/remove_pkg_aaparser

remove pkg/aaparser, and inline remaining functionality in profiles/apparmor
Akihiro Suda 1 yıl önce
ebeveyn
işleme
b7ba0615d0

+ 0 - 96
pkg/aaparser/aaparser.go

@@ -1,96 +0,0 @@
-// Package aaparser is a convenience package interacting with `apparmor_parser`.
-package aaparser // import "github.com/docker/docker/pkg/aaparser"
-
-import (
-	"fmt"
-	"os/exec"
-	"strconv"
-	"strings"
-)
-
-const (
-	binary = "apparmor_parser"
-)
-
-// GetVersion returns the major and minor version of apparmor_parser.
-//
-// Deprecated: no longer used, and will be removed in the next release.
-func GetVersion() (int, error) {
-	output, err := cmd("", "--version")
-	if err != nil {
-		return -1, err
-	}
-
-	return parseVersion(output)
-}
-
-// LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to
-// replace the profile. The `-K` is necessary to make sure that apparmor_parser
-// doesn't try to write to a read-only filesystem.
-func LoadProfile(profilePath string) error {
-	_, err := cmd("", "-Kr", profilePath)
-	return err
-}
-
-// cmd runs `apparmor_parser` with the passed arguments.
-func cmd(dir string, arg ...string) (string, error) {
-	c := exec.Command(binary, arg...)
-	c.Dir = dir
-
-	output, err := c.CombinedOutput()
-	if err != nil {
-		return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
-	}
-
-	return string(output), nil
-}
-
-// parseVersion takes the output from `apparmor_parser --version` and returns
-// a representation of the {major, minor, patch} version as a single number of
-// the form MMmmPPP {major, minor, patch}.
-func parseVersion(output string) (int, error) {
-	// output is in the form of the following:
-	// AppArmor parser version 2.9.1
-	// Copyright (C) 1999-2008 Novell Inc.
-	// Copyright 2009-2012 Canonical Ltd.
-
-	lines := strings.SplitN(output, "\n", 2)
-	words := strings.Split(lines[0], " ")
-	version := words[len(words)-1]
-
-	// trim "-beta1" suffix from version="3.0.0-beta1" if exists
-	version = strings.SplitN(version, "-", 2)[0]
-	// also trim "~..." suffix used historically (https://gitlab.com/apparmor/apparmor/-/commit/bca67d3d27d219d11ce8c9cc70612bd637f88c10)
-	version = strings.SplitN(version, "~", 2)[0]
-
-	// split by major minor version
-	v := strings.Split(version, ".")
-	if len(v) == 0 || len(v) > 3 {
-		return -1, fmt.Errorf("parsing version failed for output: `%s`", output)
-	}
-
-	// Default the versions to 0.
-	var majorVersion, minorVersion, patchLevel int
-
-	majorVersion, err := strconv.Atoi(v[0])
-	if err != nil {
-		return -1, err
-	}
-
-	if len(v) > 1 {
-		minorVersion, err = strconv.Atoi(v[1])
-		if err != nil {
-			return -1, err
-		}
-	}
-	if len(v) > 2 {
-		patchLevel, err = strconv.Atoi(v[2])
-		if err != nil {
-			return -1, err
-		}
-	}
-
-	// major*10^5 + minor*10^3 + patch*10^0
-	numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel
-	return numericVersion, nil
-}

+ 0 - 95
pkg/aaparser/aaparser_test.go

@@ -1,95 +0,0 @@
-package aaparser // import "github.com/docker/docker/pkg/aaparser"
-
-import (
-	"testing"
-)
-
-type versionExpected struct {
-	output  string
-	version int
-}
-
-func TestParseVersion(t *testing.T) {
-	versions := []versionExpected{
-		{
-			output: `AppArmor parser version 2.10
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 210000,
-		},
-		{
-			output: `AppArmor parser version 2.8
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 208000,
-		},
-		{
-			output: `AppArmor parser version 2.20
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 220000,
-		},
-		{
-			output: `AppArmor parser version 2.05
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 205000,
-		},
-		{
-			output: `AppArmor parser version 2.2.0~rc2
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 202000,
-		},
-		{
-			output: `AppArmor parser version 2.9.95
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 209095,
-		},
-		{
-			output: `AppArmor parser version 3.14.159
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2012 Canonical Ltd.
-
-`,
-			version: 314159,
-		},
-		{
-			output: `AppArmor parser version 3.0.0-beta1
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2018 Canonical Ltd.
-`,
-			version: 300000,
-		},
-		{
-			output: `AppArmor parser version 3.0.0-beta1-foo-bar
-Copyright (C) 1999-2008 Novell Inc.
-Copyright 2009-2018 Canonical Ltd.
-`,
-			version: 300000,
-		},
-	}
-
-	for _, v := range versions {
-		version, err := parseVersion(v.output)
-		if err != nil {
-			t.Fatalf("expected error to be nil for %#v, got: %v", v, err)
-		}
-		if version != v.version {
-			t.Fatalf("expected version to be %d, was %d, for: %#v\n", v.version, version, v)
-		}
-	}
-}

+ 18 - 3
profiles/apparmor/apparmor.go

@@ -4,13 +4,13 @@ package apparmor // import "github.com/docker/docker/profiles/apparmor"
 
 import (
 	"bufio"
+	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"path"
 	"strings"
 	"text/template"
-
-	"github.com/docker/docker/pkg/aaparser"
 )
 
 // profileDirectory is the file store for apparmor profiles and macros.
@@ -94,7 +94,7 @@ func InstallDefault(name string) error {
 		return err
 	}
 
-	return aaparser.LoadProfile(profilePath)
+	return loadProfile(profilePath)
 }
 
 // IsLoaded checks if a profile with the given name has been loaded into the
@@ -122,3 +122,18 @@ func IsLoaded(name string) (bool, error) {
 
 	return false, nil
 }
+
+// loadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to
+// replace the profile. The `-K` is necessary to make sure that apparmor_parser
+// doesn't try to write to a read-only filesystem.
+func loadProfile(profilePath string) error {
+	c := exec.Command("apparmor_parser", "-Kr", profilePath)
+	c.Dir = ""
+
+	output, err := c.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
+	}
+
+	return nil
+}
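Review bot: In the new `loadProfile`, the error message names the program twice, because `c.Args[0]` is already the command name; printing `c.Path` followed by `strings.Join(c.Args, " ")` repeats it, and joining `c.Args[1:]` instead would give one clean command line. The same `fmt.Errorf` call formats the underlying error with `%v`, so callers of `InstallDefault` cannot use `errors.Is`/`errors.As` to tell a missing `apparmor_parser` binary from a profile the parser rejected; `%w` keeps the chain. `c.Dir = ""` assigns the zero value and can be dropped now that the helper is inlined. The bare name `apparmor_parser` is resolved through the process's `PATH`, and this presumably runs inside a privileged daemon, so a one-line comment stating that a trusted `PATH` is assumed would help the next reader.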