-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix AppArmor profile Apply() function to correctly handle an "Unconfined" mode #8103
Fix AppArmor profile Apply() function to correctly handle an "Unconfined" mode #8103
Conversation
ada4507
to
07670a1
Compare
@roman-kiselenko, feel free to use @cri-o/cri-o-maintainers handle here. It casts a wider net of maintainers. |
Apply()
function doesn't seem to handle the case for "Unconfined" mode
@roman-kiselenko, I've made some changes to the subject and description (feel free to edit this one as needed). The commit subjects should be as imperative as possible, within reason. That said, I cannot adjust the commit subject line itself, so this is something you could do, if you want and have a moment. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8103 +/- ##
==========================================
+ Coverage 49.67% 49.70% +0.02%
==========================================
Files 153 153
Lines 16826 16827 +1
==========================================
+ Hits 8359 8364 +5
+ Misses 7423 7420 -3
+ Partials 1044 1043 -1 |
/hold Waiting for the commit message to be updated. |
07670a1
to
e724439
Compare
/unhold |
/retest |
/hold I'm going to rebase after merge |
/unhold There is merged v1.30 version #8094 |
…ined" mode. Signed-off-by: roman-kiselenko <roman.kiselenko.dev@gmail.com>
e724439
to
d914961
Compare
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: haircommander, roman-kiselenko The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
Despite seemingly correct annotations, still seeing 'unconfined' return:
|
@jadedeane, please reply to and even possibly re-open the following: |
@kwilczynski apologies, sorted moving up to 1.31.0~dev-2.1. |
@jadedeane, no worries. So, just to confirm: you are all good here? Everything works as expected? |
Yes, thanks! |
What type of PR is this?
/kind bug
What this PR does / why we need it:
When applying a given AppArmor profile, the
Apply()
function should correctly handle the "Unconfined" profile type for both fields, theApparmor
(which is aSecurityProfile
type) andApparmorProfile
(a bare string), of theLinuxContainerSecurityContext
type.Related:
Init:CreateContainerError
on Ubuntu 24.04, k8s 1.30 cilium/cilium#32198Which issue(s) this PR fixes:
Fixes #8080.
Special notes for your reviewer:
None
Does this PR introduce a user-facing change?
None