beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

contrib/apparmor: remove remaining version-conditionals (< 2.9) from template

Browse source 
Commit 2e19a4d56b removed all other version-
conditional statements from the AppArmor template, but left this one in place.

These conditions were added in 8cf89245f5
to account for old versions of debian/ubuntu (apparmor_parser < 2.9)
that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro
versions should now have more current versions than that. Looking at the
oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the remaining conditionals.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-05-08 13:17:59 +02:00
parent 88f4bf4ae4
commit f445ee1e6c
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
2 changed files with 2 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
contrib/apparmor/main.go
View file

@ -6,13 +6,9 @@ import (
"os"
"path"
"text/template"
"github.com/docker/docker/pkg/aaparser"
)
type profileData struct {
Version int
}
type profileData struct{}
func main() {
if len(os.Args) < 2 {
@ -22,15 +18,6 @@ func main() {
// parse the arg
apparmorProfilePath := os.Args[1]
version, err := aaparser.GetVersion()
if err != nil {
log.Fatal(err)
}
data := profileData{
Version: version,
}
fmt.Printf("apparmor_parser is of version %+v\n", data)
// parse the template
compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
if err != nil {
@ -48,6 +35,7 @@ func main() {
}
defer f.Close()
data := profileData{}
if err := compiled.Execute(f, data); err != nil {
log.Fatalf("executing template failed: %v", err)
}

2
contrib/apparmor/template.go
View file

@ -149,9 +149,7 @@ profile /usr/bin/docker (attach_disconnected, complain) {
}
# xz works via pipes, so we do not need access to the filesystem.
profile /usr/bin/xz (complain) {
{{if ge .Version 209000}}
signal (receive) peer=/usr/bin/docker,
{{end}}
/etc/ld.so.cache r,
/lib/** rm,
/usr/bin/xz rm,