security-profiles-operator icon indicating copy to clipboard operation
security-profiles-operator copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

apparmor: Add AppArmor info at start time

Open pjbgf opened this issue 3 years ago • 6 comments

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Provides additional information for users using AppArmor to debug potential setup issues. An example of what the SPO will write onto logs at the start:

I0809 18:39:30.678856   21442 apparmorprofile.go:279] apparmor-spod "msg"="detecting apparmor support..." 
I0809 18:39:30.679580   21442 apparmorprofile.go:286] apparmor-spod "msg"="apparmor enabled: OK" 
I0809 18:39:30.679682   21442 apparmorprofile.go:289] apparmor-spod "msg"="apparmor fs:  (appArmor mount point: could not complete operation)" 
I0809 18:39:30.679768   21442 apparmorprofile.go:292] apparmor-spod "msg"="apparmor enforceable: OK"

Which issue(s) this PR fixes:

None

Does this PR have test?

N/A

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Additional debug information about AppArmor state is now provided at start-up.

pjbgf avatar Aug 09 '22 18:08 pjbgf

Codecov Report

Merging #1079 (01a3bbd) into main (8e1b375) will decrease coverage by 0.29%. The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1079      +/-   ##
==========================================
- Coverage   50.43%   50.13%   -0.30%     
==========================================
  Files          42       42              
  Lines        4761     4789      +28     
==========================================
  Hits         2401     2401              
- Misses       2281     2309      +28     
  Partials       79       79

codecov-commenter avatar Aug 09 '22 18:08 codecov-commenter

Noticed that some dependencies were being downgraded as part of the change - reverted such changes.

pjbgf avatar Aug 09 '22 19:08 pjbgf

This linter warning is confusing:

 internal/pkg/daemon/apparmorprofile/apparmorprofile.go:29:2: Expected 'a', Found 'c' at internal/pkg/daemon/apparmorprofile/apparmorprofile.go[line 29,col 2] (gci)
	ctrl "sigs.k8s.io/controller-runtime"

but it pretty much means that the imports must be sorted alphabetically. I think the linter has a --fix option that should do all that.

jhrozek avatar Aug 10 '22 07:08 jhrozek

the code looks OK to me btw

jhrozek avatar Aug 10 '22 07:08 jhrozek

@jhrozek thank you for the review and pointing out the linter issue. PTAL

pjbgf avatar Aug 13 '22 10:08 pjbgf

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhrozek, pjbgf

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar Aug 15 '22 08:08 k8s-ci-robot