contrib/apparmor: remove remaining version-conditionals (< 2.9) from template
Commit 2e19a4d56b removed all other version-conditional statements from the AppArmor template, but left this one in place. These conditions were added in 8cf89245f5 to account for old versions of debian/ubuntu (apparmor_parser < 2.9) that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro versions should now have more current versions than that. Looking at the oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the remaining conditionals.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
88f4bf4ae4
commit
f445ee1e6c
2 changed files with 2 additions and 16 deletions
|
@ -6,13 +6,9 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
"text/template"
|
"text/template"
|
||||||
|
|
||||||
"github.com/docker/docker/pkg/aaparser"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type profileData struct {
|
type profileData struct{}
|
||||||
Version int
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
if len(os.Args) < 2 {
|
if len(os.Args) < 2 {
|
||||||
|
@ -22,15 +18,6 @@ func main() {
|
||||||
// parse the arg
|
// parse the arg
|
||||||
apparmorProfilePath := os.Args[1]
|
apparmorProfilePath := os.Args[1]
|
||||||
|
|
||||||
version, err := aaparser.GetVersion()
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
data := profileData{
|
|
||||||
Version: version,
|
|
||||||
}
|
|
||||||
fmt.Printf("apparmor_parser is of version %+v\n", data)
|
|
||||||
|
|
||||||
// parse the template
|
// parse the template
|
||||||
compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
|
compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -48,6 +35,7 @@ func main() {
|
||||||
}
|
}
|
||||||
defer f.Close()
|
defer f.Close()
|
||||||
|
|
||||||
|
data := profileData{}
|
||||||
if err := compiled.Execute(f, data); err != nil {
|
if err := compiled.Execute(f, data); err != nil {
|
||||||
log.Fatalf("executing template failed: %v", err)
|
log.Fatalf("executing template failed: %v", err)
|
||||||
}
|
}
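Review bot: `profileData` is left behind as an empty struct in the first hunk, and the last hunk builds `data := profileData{}` only to hand it to `compiled.Execute(f, data)`. With no fields left the type carries no information, so I would either drop it and call `compiled.Execute(f, nil)`, or keep it with a comment such as `// profileData is intentionally empty: the template no longer takes parameters.` so the next reader does not go looking for a missing field. `main` starts and ends outside these hunks, so whether `fmt` is still used after the removed `fmt.Printf` cannot be confirmed from here and is worth checking with a build.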
|
||||||
|
|
|
@ -149,9 +149,7 @@ profile /usr/bin/docker (attach_disconnected, complain) {
|
||||||
}
|
}
|
||||||
# xz works via pipes, so we do not need access to the filesystem.
|
# xz works via pipes, so we do not need access to the filesystem.
|
||||||
profile /usr/bin/xz (complain) {
|
profile /usr/bin/xz (complain) {
|
||||||
{{if ge .Version 209000}}
|
|
||||||
signal (receive) peer=/usr/bin/docker,
|
signal (receive) peer=/usr/bin/docker,
|
||||||
{{end}}
|
|
||||||
/etc/ld.so.cache r,
|
/etc/ld.so.cache r,
|
||||||
/lib/** rm,
|
/lib/** rm,
|
||||||
/usr/bin/xz rm,
|
/usr/bin/xz rm,
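Review bot: The `signal (receive) peer=/usr/bin/docker,` rule in the xz profile is now emitted unconditionally, and nothing on the new side records that it needs apparmor_parser 2.9 or later. Because the generator no longer checks the parser version, a host with an older parser would presumably find out only when the profile fails to load, which would leave xz without the intended confinement. I would add a profile comment above the rule, for example `# signal rules require apparmor_parser >= 2.9`, so the minimum is stated where the dependency lives. The xz profile body continues past the end of this hunk.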
|
||||||
|
|