Signed-off-by: Aleksa Sarai <asarai@suse.de>
| ... | ... |
@@ -21,7 +21,7 @@ func installDefaultAppArmorProfile() {
|
| 21 | 21 |
// Allow daemon to run if loading failed, but are active |
| 22 | 22 |
// (possibly through another run, manually, or via system startup) |
| 23 | 23 |
for _, policy := range apparmorProfiles {
|
| 24 |
- if err := aaprofile.IsLoaded(policy); err != nil {
|
|
| 24 |
+ if loaded, err := aaprofile.IsLoaded(policy); err != nil || !loaded {
|
|
| 25 | 25 |
logrus.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", policy)
|
| 26 | 26 |
} |
| 27 | 27 |
} |
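Review bot: The `err` returned by `aaprofile.IsLoaded` is dropped from the log call at new line 25, so a read failure on the profiles file and a profile that is absent from the list both produce the same message. An operator checking why confinement is missing cannot tell which case occurred. Consider handling the two cases separately, with `logrus.Errorf("AppArmor enabled on system but the %s profile could not be checked: %v", policy, err)` when `err != nil`, and keeping the existing message for `!loaded`. The comment above the loop says the daemon keeps running in either case, so this log line appears to be the only signal. `installDefaultAppArmorProfile` begins above this hunk.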
| ... | ... |
@@ -94,22 +94,28 @@ func InstallDefault(name string) error {
|
| 94 | 94 |
return nil |
| 95 | 95 |
} |
| 96 | 96 |
|
| 97 |
-// IsLoaded checks if a passed profile has been loaded into the kernel. |
|
| 98 |
-func IsLoaded(name string) error {
|
|
| 97 |
+// IsLoaded checks if a profile with the given name has been loaded into the |
|
| 98 |
+// kernel. |
|
| 99 |
+func IsLoaded(name string) (bool, error) {
|
|
| 99 | 100 |
file, err := os.Open("/sys/kernel/security/apparmor/profiles")
|
| 100 | 101 |
if err != nil {
|
| 101 |
- return err |
|
| 102 |
+ return false, err |
|
| 102 | 103 |
} |
| 103 | 104 |
defer file.Close() |
| 104 | 105 |
|
| 105 | 106 |
r := bufio.NewReader(file) |
| 106 | 107 |
for {
|
| 107 | 108 |
p, err := r.ReadString('\n')
|
| 109 |
+ if err == io.EOF {
|
|
| 110 |
+ break |
|
| 111 |
+ } |
|
| 108 | 112 |
if err != nil {
|
| 109 |
- return err |
|
| 113 |
+ return false, err |
|
| 110 | 114 |
} |
| 111 | 115 |
if strings.HasPrefix(p, name+" ") {
|
| 112 |
- return nil |
|
| 116 |
+ return true, nil |
|
| 113 | 117 |
} |
| 114 | 118 |
} |
| 119 |
+ |
|
| 120 |
+ return false, nil |
|
| 115 | 121 |
} |
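Review bot: The added `if err == io.EOF { break }` at new line 109 runs before `p` is examined, but `ReadString` returns the bytes read so far together with `io.EOF`, so a final line without a trailing newline is never matched. Testing `strings.HasPrefix(p, name+" ")` first and only then breaking on `io.EOF` closes that gap. Separately, the match looks only at the name prefix and ignores whatever follows it on the line, so if the profiles file also records a mode after the name (as the kernel's listing normally does), a profile in complain mode is reported as loaded. If callers rely on this result to mean the profile is enforcing, that should be checked or the limitation stated in the doc comment. The doc comment could also say what the results mean, for example `// It returns (false, nil) when the profiles file was read but name is not listed.`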