dilim/containerd
1
0
Fork 0
mirror of https://github.com/containerd/containerd.git synced 2026-06-30 19:58:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove noinline in apparmor SpecOpts

Browse Source 
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
This commit is contained in:
Jin Dong
2025-01-14 18:19:55 +00:00
parent 2a4164ac86
commit 222308416c
2 changed files with 20 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
contrib/apparmor/apparmor.go
View File

@@ -39,11 +39,6 @@ func WithProfile(profile string) oci.SpecOpts {
// WithDefaultProfile will generate a default apparmor profile under the provided name
// for the container. It is only generated if a profile under that name does not exist.
//
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
// since Go 1.21.
//
//go:noinline
func WithDefaultProfile(name string) oci.SpecOpts {
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
if err := LoadDefaultProfile(name); err != nil {

24
internal/cri/server/container_create_linux_test.go
View File

@@ -21,7 +21,6 @@ import (
"fmt"
"os"
"path/filepath"
"reflect"
"strings"
"testing"
@@ -1210,13 +1209,30 @@ func TestGenerateApparmorSpecOpts(t *testing.T) {
asp = csp
}
specOpts, err := generateApparmorSpecOpts(asp, test.privileged, !test.disable)
assert.Equal(t,
reflect.ValueOf(test.specOpts).Pointer(),
reflect.ValueOf(specOpts).Pointer())
if test.expectErr {
assert.Error(t, err)
} else {
assert.NoError(t, err)
if test.specOpts == nil && specOpts == nil {
return
}
if test.specOpts == nil || specOpts == nil {
t.Fatalf("unexpected nil specOpts, expected nil: %t, actual nil: %t", test.specOpts == nil, specOpts == nil)
}
// `specOpts` for seccomp only uses/modifies `*specs.Spec`, not
// `oci.Client` or `*containers.Container`, so let's construct a
// `*specs.Spec` and compare if the results are the same.
expected := runtimespec.Spec{
Linux: &runtimespec.Linux{},
Process: &runtimespec.Process{},
}
var actual runtimespec.Spec
err := util.DeepCopy(&actual, &expected)
assert.NoError(t, err)
test.specOpts(context.TODO(), nil, nil, &expected)
specOpts(context.TODO(), nil, nil, &actual)
assert.Equal(t, expected, actual)
}
}
})