authorSebastiaan van Stijn <github@gone.nl>2023-05-08 13:17:59 +0200
committerSebastiaan van Stijn <github@gone.nl>2023-05-09 16:48:45 +0200
commitd169a5730649e2661c48221f583f8f3c771c7c16 (patch)
tree26176e0cadce11ab0541519f1cc605436a397675
parent269e55a915187bd9bf4eec22b26d00f2342f23ad (diff)
downloaddocker-d169a5730649e2661c48221f583f8f3c771c7c16.tar.gz
contrib/apparmor: remove remaining version-conditionals (< 2.9) from template
Commit 2e19a4d56bf22c99be9d67a1a2f24764aa56e8bb removed all other version- conditional statements from the AppArmor template, but left this one in place. These conditions were added in 8cf89245f5b5f9abb066f599cb69bfe0202bae5d to account for old versions of debian/ubuntu (apparmor_parser < 2.9) that lacked some options; > This allows us to use the apparmor profile we have in contrib/apparmor/ > and solves the problems where certain functions are not apparent on older > versions of apparmor_parser on debian/ubuntu. Those patches were from 2015/2016, and all currently supported distro versions should now have more current versions than that. Looking at the oldest supported versions; Ubuntu 18.04 "Bionic": apparmor_parser --version AppArmor parser version 2.12 Copyright (C) 1999-2008 Novell Inc. Copyright 2009-2012 Canonical Ltd. Debian 10 "Buster" apparmor_parser --version AppArmor parser version 2.13.2 Copyright (C) 1999-2008 Novell Inc. Copyright 2009-2018 Canonical Ltd. This patch removes the remaining conditionals. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit f445ee1e6cba4495e9530b876ec2a213ae595345) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
-rw-r--r--contrib/apparmor/main.go16
-rw-r--r--contrib/apparmor/template.go2
2 files changed, 2 insertions, 16 deletions
diff --git a/contrib/apparmor/main.go b/contrib/apparmor/main.go
index f4a2978b86..d67890d265 100644
--- a/contrib/apparmor/main.go
+++ b/contrib/apparmor/main.go
@@ -6,13 +6,9 @@ import (
"os"
"path"
"text/template"
-
- "github.com/docker/docker/pkg/aaparser"
)
-type profileData struct {
- Version int
-}
+type profileData struct{}
func main() {
if len(os.Args) < 2 {
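Review bot: `type profileData struct{}` is now an empty type kept only so that something can be handed to the template, which according to the commit message no longer contains any version conditional. Passing `nil` as the data argument, `compiled.Execute(f, nil)`, would express that directly and let both the type and the `data := profileData{}` line in the last hunk of this file go. If the type is kept as a placeholder for future template variables, a comment such as `// profileData holds the values substituted into dockerProfileTemplate; it currently has none.` would explain why it exists. Whether `data` is used again after the visible hunks cannot be seen from here.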
@@ -22,15 +18,6 @@ func main() {
// parse the arg
apparmorProfilePath := os.Args[1]
- version, err := aaparser.GetVersion()
- if err != nil {
- log.Fatal(err)
- }
- data := profileData{
- Version: version,
- }
- fmt.Printf("apparmor_parser is of version %+v\n", data)
-
// parse the template
compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
if err != nil {
@@ -48,6 +35,7 @@ func main() {
}
defer f.Close()
+ data := profileData{}
if err := compiled.Execute(f, data); err != nil {
log.Fatalf("executing template failed: %v", err)
}
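Review bot: The `defer f.Close()` just above the new `data := profileData{}` line is skipped when `compiled.Execute` fails, because `log.Fatalf` exits the process without running deferred calls, and on the success path the error returned by Close is discarded. The descriptor is reclaimed by the OS either way, but a partially written AppArmor profile stays on disk at the output path and a write error that only surfaces at close is never reported. Closing explicitly after the Execute check, `if err := f.Close(); err != nil { log.Fatalf("closing profile failed: %v", err) }`, would surface it. The call that opens `f` and the rest of main are outside the hunk.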
diff --git a/contrib/apparmor/template.go b/contrib/apparmor/template.go
index 4999ca5dc6..58afcbe845 100644
--- a/contrib/apparmor/template.go
+++ b/contrib/apparmor/template.go
@@ -149,9 +149,7 @@ profile /usr/bin/docker (attach_disconnected, complain) {
}
# xz works via pipes, so we do not need access to the filesystem.
profile /usr/bin/xz (complain) {
-{{if ge .Version 209000}}
signal (receive) peer=/usr/bin/docker,
-{{end}}
/etc/ld.so.cache r,
/lib/** rm,
/usr/bin/xz rm,
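Review bot: The `signal (receive) peer=/usr/bin/docker,` rule in the xz profile is now emitted unconditionally, but nothing in the template records that it needs apparmor_parser 2.9 or newer, the bound the removed `{{if ge .Version 209000}}` guard encoded. Together with the removal of the `aaparser.GetVersion()` call in main.go, an older parser is now discovered only when the generated profile fails to load, which presumably leaves the binary without this profile applied. A comment next to the rule, `# signal rules require apparmor_parser >= 2.9`, would make that failure easy to trace. The xz profile continues outside the hunk.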