Skip to content

[23.0 backport] apparmor: Check if apparmor_parser is available #44942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 7, 2023
Merged

[23.0 backport] apparmor: Check if apparmor_parser is available #44942

merged 1 commit into from
Feb 7, 2023

Conversation

@vvoland
Copy link
Contributor

@vvoland vvoland commented Feb 7, 2023
edited by thaJeztah
Loading

hostSupports doesn't check if the apparmor_parser is available. It's possible in some environments that the apparmor will be enabled but the tool to load the profile is not available which will cause the ensureDefaultAppArmorProfile to fail completely.

This patch checks if the apparmor_parser is available. Otherwise the function returns early, but still logs a warning to the daemon log.

Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
(cherry picked from commit ab3fa46)

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@vvoland
apparmor: Check if apparmor_parser is available
38b70eb 
`hostSupports` doesn't check if the apparmor_parser is available.
It's possible in some environments that the apparmor will be enabled but
the tool to load the profile is not available which will cause the
ensureDefaultAppArmorProfile to fail completely.

This patch checks if the apparmor_parser is available. Otherwise the
function returns early, but still logs a warning to the daemon log.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit ab3fa46)
@thaJeztah thaJeztah added this to the 23.0.1 milestone Feb 7, 2023
thaJeztah
thaJeztah approved these changes Feb 7, 2023
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@thaJeztah
Copy link
Member

thaJeztah commented Feb 7, 2023

All green; bringing this in 👍

@thaJeztah thaJeztah merged commit e664cc2 into moby:23.0 Feb 7, 2023
@tianon tianon mentioned this pull request Feb 9, 2023
Closed
@kit-ty-kate kit-ty-kate mentioned this pull request Feb 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

Assignees

No one assigned

Labels

area/runtime Runtime area/security/apparmor impact/changelog status/2-code-review

Projects

None yet

Milestone

23.0.1

Development

Successfully merging this pull request may close these issues.

3 participants

@vvoland @thaJeztah @neersighted