s/a/notify: implement protocol v5 with metadata tagging parser #15089
Conversation
Signed-off-by: Oliver Calder <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #15089 +/- ##
=========================================
Coverage ? 78.04%
=========================================
Files ? 1180
Lines ? 157898
Branches ? 0
=========================================
Hits ? 123232
Misses ? 27002
Partials ? 7664
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
Sat Feb 15 01:48:21 UTC 2025 Failures:Executing:
|
| // XXX: apparmor.KernelFeatures() already has this information, but | ||
| // we can't import apparmor here since that would be circular. | ||
| data, err := os.ReadFile(protocolFeaturesPath) | ||
| if err != nil { | ||
| return false | ||
| } | ||
| features := strings.Fields(string(data)) | ||
| if !strutil.ListContains(features, "tags") { | ||
| return false | ||
| } |
There was a problem hiding this comment.
I think we need to integrate tagging support checks into the existing AppArmor feature probing, since that will affect the way we generate profiles (to include tags or not). Then we should use the pre-checked apparmor features here, rather than re-writing this kind of thing here.
But as mentioned, sandbox/apparmor imports this package, so we can't import it here. We may need to move the actual feature probing to a dedicated sub-package of sandbox/apparmor and import it from both here and there.
Implement version 5 of the apparmor notification protocol, as defined here: https://docs.google.com/document/d/1_WvEM9Qi2Je2Vwulzv5TzHwLJ8ld0W8gTNESZZd9VsY/edit?tab=t.0#heading=h.q2d8zdyargyy
This work is tracked internally by https://warthogs.atlassian.net/browse/SNAPDENG-32517