github.com/apptainer/singularity@v3.1.1+incompatible/internal/pkg/security/apparmor/apparmor_linux.go

github.com/apptainer/singularity@v3.1.1+incompatible/internal/pkg/security/apparmor/apparmor_linux.go (about)

     1  // Copyright (c) 2018, Sylabs Inc. All rights reserved.
     2  // This software is licensed under a 3-clause BSD license. Please consult the
     3  // LICENSE.md file distributed with the sources of this project regarding your
     4  // rights to use or distribute this software.
     5  
     6  // +build apparmor
     7  
     8  package apparmor
     9  
    10  import (
    11  	"fmt"
    12  	"io/ioutil"
    13  	"os"
    14  )
    15  
    16  // Enabled returns whether apparmor is enabled/supported or not
    17  func Enabled() bool {
    18  	data, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
    19  	if err == nil && len(data) > 0 && data[0] == 'Y' {
    20  		return true
    21  	}
    22  	return false
    23  }
    24  
    25  // LoadProfile write apparmor profile in /proc/self/attr/exec
    26  func LoadProfile(profile string) error {
    27  	f, err := os.OpenFile("/proc/self/attr/exec", os.O_WRONLY, 0)
    28  	if err != nil {
    29  		return err
    30  	}
    31  
    32  	defer f.Close()
    33  
    34  	p := "exec " + profile
    35  	if _, err := f.Write([]byte(p)); err != nil {
    36  		return fmt.Errorf("failed to set apparmor profile (%s)", err)
    37  	}
    38  	return nil
    39  }