Skip to content

Commit

Permalink
apparmor: Add AppArmor info at start time
Browse files Browse the repository at this point in the history
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
  • Loading branch information
pjbgf committed Aug 13, 2022
1 parent 3244ff5 commit 01a3bbd
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 0 deletions.
32 changes: 32 additions & 0 deletions internal/pkg/daemon/apparmorprofile/apparmorprofile.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ import (

"github.com/crossplane/crossplane-runtime/pkg/event"
"github.com/go-logr/logr"
aa "github.com/pjbgf/go-apparmor/pkg/apparmor"
"github.com/pjbgf/go-apparmor/pkg/hostop"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
Expand Down Expand Up @@ -271,3 +273,33 @@ func (r *Reconciler) handleDeletion(sp *v1alpha1.AppArmorProfile) error {
r.metrics.IncAppArmorProfileDelete()
return nil
}

func (r *Reconciler) logNodeInfo() {
r.log.Info("detecting apparmor support...")

mount := hostop.NewMountHostOp().WithLogger(r.log)
aa := aa.NewAppArmor().WithLogger(r.log)

err := mount.Do(func() error {
enabled, err := aa.Enabled()
r.log.Info(fmt.Sprintf("apparmor enabled: %s", ok(enabled, err)))

fsPath, err := aa.AppArmorFS()
r.log.Info(fmt.Sprintf("apparmor fs: %s (%v)", fsPath, err))

enforceable, err := aa.Enforceable()
r.log.Info(fmt.Sprintf("apparmor enforceable: %s", ok(enforceable, err)))

return nil
})
if err != nil {
r.log.Error(err, "mounting host")
}
}

func ok(ok bool, err error) string {
if ok {
return "OK"
}
return fmt.Sprintf("NOT OK (%v)", err)
}
2 changes: 2 additions & 0 deletions internal/pkg/daemon/apparmorprofile/setup.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ func (r *Reconciler) Setup(
r.metrics = met
r.manager = NewAppArmorProfileManager(r.log)

r.logNodeInfo()

// Register the regular reconciler to manage AppArmorProfiles
return ctrl.NewControllerManagedBy(mgr).
Named("apparmorprofile").
Expand Down

0 comments on commit 01a3bbd

Please sign in to comment.