
contrib/apparmor: remove remaining version-conditionals (< 2.9) from template

Commit 2e19a4d56bf22c99be9d67a1a2f24764aa56e8bb removed all other version-
conditional statements from the AppArmor template, but left this one in place.

These conditions were added in 8cf89245f5b5f9abb066f599cb69bfe0202bae5d
to account for old versions of debian/ubuntu (apparmor_parser < 2.9)
that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro
versions should now have more current versions than that. Looking at the
oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the remaining conditionals.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f445ee1e6cba4495e9530b876ec2a213ae595345)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2 年之前
d169a57306
共有 2 个文件被更改,包括 2 次插入16 次删除
  1. 2 14
      contrib/apparmor/main.go
  2. 0 2
      contrib/apparmor/template.go

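--- a/contrib/apparmor/main.go
+++ b/contrib/apparmor/main.go
@@ -6,13 +6,9 @@ import (
 	"os"
 	"path"
 	"text/template"
-
-	"github.com/docker/docker/pkg/aaparser"
 )
 
-type profileData struct {
-	Version int
-}
+type profileData struct{}
 
 func main() {
 	if len(os.Args) < 2 {
@@ -22,15 +18,6 @@ func main() {
 	// parse the arg
 	apparmorProfilePath := os.Args[1]
 
-	version, err := aaparser.GetVersion()
-	if err != nil {
-		log.Fatal(err)
-	}
-	data := profileData{
-		Version: version,
-	}
-	fmt.Printf("apparmor_parser is of version %+v\n", data)
-
 	// parse the template
 	compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
 	if err != nil {
@@ -48,6 +35,7 @@ func main() {
 	}
 	defer f.Close()
 
+	data := profileData{}
 	if err := compiled.Execute(f, data); err != nil {
 		log.Fatalf("executing template failed: %v", err)
 	}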
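Review bot: `profileData` is now an empty struct, and since this commit also removes the last `{{if ge .Version 209000}}` from the template, `data := profileData{}` in the third hunk passes nothing meaningful to `compiled.Execute`. Either drop the type and call `compiled.Execute(f, nil)`, or keep it with a comment such as `// profileData is intentionally empty; the template currently takes no parameters.`. With the `aaparser.GetVersion()` call removed in the second hunk, the code no longer records that the generated profile's `signal` rule needs apparmor_parser 2.9 or later. A parser older than that would presumably reject the profile at load time, so a one-line comment in `main` such as `// The generated profile requires apparmor_parser >= 2.9 (signal rules).` would tell an operator why. The body of `main` continues outside these hunks.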

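--- a/contrib/apparmor/template.go
+++ b/contrib/apparmor/template.go
@@ -149,9 +149,7 @@ profile /usr/bin/docker (attach_disconnected, complain) {
   }
   # xz works via pipes, so we do not need access to the filesystem.
   profile /usr/bin/xz (complain) {
-{{if ge .Version 209000}}
     signal (receive) peer=/usr/bin/docker,
-{{end}}
     /etc/ld.so.cache r,
     /lib/** rm,
     /usr/bin/xz rm,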