Skip to content

contrib/apparmor: remove version-dependent rules #8068

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
estesp merged 1 commit into from
Feb 13, 2023
Merged

contrib/apparmor: remove version-dependent rules #8068

estesp merged 1 commit into from
Feb 13, 2023

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Feb 8, 2023

These conditions were added in docker in moby/moby@8cf8924 to account for old versions of debian/ubuntu (apparmor_parser < 2.8.95) that lacked some options;

This allows us to use the apparmor profile we have in contrib/apparmor/
and solves the problems where certain functions are not apparent on older
versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro versions should now have more current versions than that. Looking at the oldest supported versions;

Ubuntu 18.04 "Bionic":

apparmor_parser --version
AppArmor parser version 2.12
Copyright (C) 1999-2008 Novell Inc.
Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

apparmor_parser --version
AppArmor parser version 2.13.2
Copyright (C) 1999-2008 Novell Inc.
Copyright 2009-2018 Canonical Ltd.

This patch removes the version-dependent rules.

Signed-off-by: Sebastiaan van Stijn github@gone.nl

This was referenced Feb 8, 2023
Merged
Merged
@estesp
Copy link
Member

estesp commented Feb 10, 2023

Needs rebase on main for Windows CI fixes?

@thaJeztah
contrib/apparmor: remove version-dependent rules
c990e3f 
These conditions were added in docker in moby/moby@8cf8924
to account for old versions of debian/ubuntu (apparmor_parser < 2.8.95)
that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro
versions should now have more current versions than that. Looking at the
oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the version-dependent rules.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the apparmor_remove_versioned branch from 30c893e to c990e3f Compare February 10, 2023 15:30
@thaJeztah
Copy link
Member Author

thaJeztah commented Feb 10, 2023

Ah, thanks for the ping rebased 👍

FWIW; I also have a follow-up to this one in #8069. I decided to keep them separate (the more trivial bits first in this PR).

estesp
estesp approved these changes Feb 10, 2023
View reviewed changes
Copy link
Member

@estesp estesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@estesp estesp merged commit ee73e2e into containerd:main Feb 13, 2023
@lengrongfu lengrongfu mentioned this pull request Jan 19, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estesp estesp estesp approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

+1 more reviewer

@neersighted neersighted neersighted approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

Pull Request Review
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thaJeztah @estesp @neersighted @AkihiroSuda