podman/containers-libpod-pull-2225.diff


diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
index 627864f47..58c8af289 100755
--- a/contrib/cirrus/integration_test.sh
+++ b/contrib/cirrus/integration_test.sh
@@ -17,9 +17,9 @@ set -x
cd "$GOSRC"
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
ubuntu-18)
- make install PREFIX=/usr ETCDIR=/etc "BUILDTAGS=$BUILDTAGS"
- make test-binaries "BUILDTAGS=$BUILDTAGS"
- SKIP_USERNS=1 make localintegration "BUILDTAGS=$BUILDTAGS"
+ make install PREFIX=/usr ETCDIR=/etc
+ make test-binaries
+ SKIP_USERNS=1 make localintegration
;;
fedora-29) ;& # Continue to the next item
fedora-28) ;&
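Review bot: The three `make` calls in the `ubuntu-18)` branch now depend on `BUILDTAGS` being absent from the environment, and nothing in this script enforces that. The same commit removes the `unset BUILDTAGS` line (commented `# Use default from Makefile`) from setup_environment.sh, so if the Makefile honours an inherited `BUILDTAGS`, presumably a stale export would silently build the test binaries without the intended tags. A short comment here such as `# BUILDTAGS intentionally not passed: use the Makefile default` would record the intent, and an explicit `unset BUILDTAGS` before the `case` would make it hold. The `case` statement continues past the end of this hunk.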
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 32b2c91a5..39e6c7699 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -199,7 +199,7 @@ install_runc_from_git(){
cd "$DEST"
ooe.sh git fetch origin --tags
ooe.sh git checkout -q "$RUNC_COMMIT"
- ooe.sh make static BUILDTAGS="seccomp selinux"
+ ooe.sh make static BUILDTAGS="seccomp apparmor selinux"
sudo install -m 755 runc /usr/bin/runc
cd $wd
}
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index bcfe7e396..838f3c3f3 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -57,7 +57,6 @@ then
ubuntu-18)
# Always install runc on Ubuntu
install_runc_from_git
- envstr='export BUILDTAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/ostree_tag.sh) varlink exclude_graphdriver_devicemapper"'
;;
fedora-29) ;& # Continue to the next item
fedora-28)
@@ -67,11 +66,9 @@ then
;& # Continue to the next item
centos-7) ;&
rhel-7)
- envstr='unset BUILDTAGS' # Use default from Makefile
;;
*) bad_os_id_ver ;;
esac
- X=$(echo "$envstr" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
# Do the same for golang env. vars
go env | while read envline
diff --git a/contrib/cirrus/system_test.sh b/contrib/cirrus/system_test.sh
index 66974f8c6..cb179407a 100755
--- a/contrib/cirrus/system_test.sh
+++ b/contrib/cirrus/system_test.sh
@@ -15,12 +15,9 @@ set -x
cd "$GOSRC"
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
- ubuntu-18)
- make install.tools "BUILDTAGS=$BUILDTAGS"
- make "BUILDTAGS=$BUILDTAGS"
- make test-binaries "BUILDTAGS=$BUILDTAGS"
- ;;
+ ubuntu-18) ;& # Continue to the next item
fedora-28) ;&
+ fedora-29) ;&
centos-7) ;&
rhel-7)
make install.tools
diff --git a/contrib/cirrus/unit_test.sh b/contrib/cirrus/unit_test.sh
index 15403b7a7..fd9e82509 100755
--- a/contrib/cirrus/unit_test.sh
+++ b/contrib/cirrus/unit_test.sh
@@ -16,12 +16,8 @@ clean_env
set -x
cd "$GOSRC"
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
- ubuntu-18)
- make install.tools "BUILDTAGS=$BUILDTAGS"
- make localunit "BUILDTAGS=$BUILDTAGS"
- make "BUILDTAGS=$BUILDTAGS"
- ;;
- fedora-29) ;& # Continue to the next item
+ ubuntu-18) ;& # Continue to the next item
+ fedora-29) ;&
fedora-28) ;&
centos-7) ;&
rhel-7)
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 0787b3fa5..2c5022c1f 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -214,8 +214,15 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
return name, nil
}
- if name != "" && rootless.IsRootless() {
- return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
+ // AppArmor is not supported in rootless mode as it requires root
+ // privileges. Return an error in case a specific profile is specified.
+ if rootless.IsRootless() {
+ if name != "" {
+ return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
+ } else {
+ logrus.Debug("skipping loading default AppArmor profile (rootless mode)")
+ return "", nil
+ }
}
if name != "" && !runcaa.IsEnabled() {
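Review bot: The new rootless branch returns `("", nil)` when no profile is named, so a rootless container starts without AppArmor confinement and the only trace is a debug-level log line. The doc comment of CheckProfileAndLoadDefault should spell out that contract. I would add `// In rootless mode no default profile is loaded; "" is returned with a nil error.` so callers know an empty name means no profile was applied and do not pass it on as a profile name. The `else` after the terminating `return` is also redundant, since the `logrus.Debug(...)` and `return "", nil` lines can follow the inner `if` directly. The function starts above this hunk and continues below it, so how callers treat the empty result is not visible here.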
@@ -230,7 +237,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
return "", err
}
if !isLoaded {
- return "", fmt.Errorf("AppArmor profile %q specified but not loaded")
+ return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name)
}
return name, nil
}