From 20d6f23b55229b422c505d7056fd517a9027cf6a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 6 Dec 2016 00:10:08 +1100 Subject: [PATCH] apparmor: switch IsLoaded to return bool Signed-off-by: Aleksa Sarai (cherry picked from commit e440a57a793feb15c0f06d27178ee8241a2a9081) Signed-off-by: Victor Vieux --- daemon/apparmor_default.go | 2 +- profiles/apparmor/apparmor.go | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go index e4065b4ad9..790e14b656 100644 --- a/daemon/apparmor_default.go +++ b/daemon/apparmor_default.go @@ -21,7 +21,7 @@ func installDefaultAppArmorProfile() { // Allow daemon to run if loading failed, but are active // (possibly through another run, manually, or via system startup) for _, policy := range apparmorProfiles { - if err := aaprofile.IsLoaded(policy); err != nil { + if loaded, err := aaprofile.IsLoaded(policy); err != nil || !loaded { logrus.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", policy) } } diff --git a/profiles/apparmor/apparmor.go b/profiles/apparmor/apparmor.go index 8859a41b40..5132ebe008 100644 --- a/profiles/apparmor/apparmor.go +++ b/profiles/apparmor/apparmor.go @@ -95,22 +95,28 @@ func InstallDefault(name string) error { return nil } -// IsLoaded checks if a passed profile has been loaded into the kernel. -func IsLoaded(name string) error { +// IsLoaded checks if a profile with the given name has been loaded into the +// kernel. +func IsLoaded(name string) (bool, error) { file, err := os.Open("/sys/kernel/security/apparmor/profiles") if err != nil { - return err + return false, err } defer file.Close() r := bufio.NewReader(file) for { p, err := r.ReadString('\n') + if err == io.EOF { + break + } if err != nil { - return err + return false, err } if strings.HasPrefix(p, name+" ") { - return nil + return true, nil } } + + return false, nil }