diff --git a/contrib/apparmor/apparmor.go b/contrib/apparmor/apparmor.go index 77c367f4ae..136953a23a 100644 --- a/contrib/apparmor/apparmor.go +++ b/contrib/apparmor/apparmor.go @@ -39,11 +39,6 @@ func WithProfile(profile string) oci.SpecOpts { // WithDefaultProfile will generate a default apparmor profile under the provided name // for the container. It is only generated if a profile under that name does not exist. -// -// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline -// since Go 1.21. -// -//go:noinline func WithDefaultProfile(name string) oci.SpecOpts { return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { if err := LoadDefaultProfile(name); err != nil { diff --git a/internal/cri/server/container_create_linux_test.go b/internal/cri/server/container_create_linux_test.go index bb43dfe36e..95966d0243 100644 --- a/internal/cri/server/container_create_linux_test.go +++ b/internal/cri/server/container_create_linux_test.go @@ -21,7 +21,6 @@ import ( "fmt" "os" "path/filepath" - "reflect" "strings" "testing" @@ -1210,13 +1209,30 @@ func TestGenerateApparmorSpecOpts(t *testing.T) { asp = csp } specOpts, err := generateApparmorSpecOpts(asp, test.privileged, !test.disable) - assert.Equal(t, - reflect.ValueOf(test.specOpts).Pointer(), - reflect.ValueOf(specOpts).Pointer()) if test.expectErr { assert.Error(t, err) } else { assert.NoError(t, err) + if test.specOpts == nil && specOpts == nil { + return + } + if test.specOpts == nil || specOpts == nil { + t.Fatalf("unexpected nil specOpts, expected nil: %t, actual nil: %t", test.specOpts == nil, specOpts == nil) + } + // `specOpts` for seccomp only uses/modifies `*specs.Spec`, not + // `oci.Client` or `*containers.Container`, so let's construct a + // `*specs.Spec` and compare if the results are the same. + expected := runtimespec.Spec{ + Linux: &runtimespec.Linux{}, + Process: &runtimespec.Process{}, + } + var actual runtimespec.Spec + err := util.DeepCopy(&actual, &expected) + assert.NoError(t, err) + + test.specOpts(context.TODO(), nil, nil, &expected) + specOpts(context.TODO(), nil, nil, &actual) + assert.Equal(t, expected, actual) } } })