Fix AppArmor test for docker 1.13

test/e2e/apparmor.go

@@ -26,13 +26,20 @@ import (
 var _ = framework.KubeDescribe("AppArmor", func() {
 	f := framework.NewDefaultFramework("apparmor")
 
-	BeforeEach(func() {
-		common.SkipIfAppArmorNotSupported()
-		common.LoadAppArmorProfiles(f)
-	})
-
-	It("should enforce an AppArmor profile", func() {
-		common.CreateAppArmorTestPod(f, true)
-		framework.LogFailedContainers(f.ClientSet, f.Namespace.Name, framework.Logf)
+	Context("load AppArmor profiles", func() {
+		BeforeEach(func() {
+			common.SkipIfAppArmorNotSupported()
+			common.LoadAppArmorProfiles(f)
+		})
+		AfterEach(func() {
+			if !CurrentGinkgoTestDescription().Failed {
+				return
+			}
+			framework.LogFailedContainers(f.ClientSet, f.Namespace.Name, framework.Logf)
+		})
+
+		It("should enforce an AppArmor profile", func() {
+			common.CreateAppArmorTestPod(f, true)
+		})
 	})
 })

test/e2e/common/apparmor.go

@@ -58,8 +58,9 @@ if touch %[1]s; then
 elif ! touch %[2]s; then
   echo "FAILURE: write to %[2]s should be allowed"
   exit 2
-elif ! grep "%[3]s" /proc/1/attr/current; then
+elif ! grep "%[3]s" /proc/self/attr/current; then
   echo "FAILURE: not running with expected profile %[3]s"
+  echo "found: $(cat /proc/self/attr/current)"
   exit 3
 fi`, appArmorDeniedPath, appArmorAllowedPath, appArmorProfilePrefix+f.Namespace.Name)