summaryrefslogtreecommitdiff
diff options
Diffstat
-rw-r--r--interfaces/apparmor/backend.go10
-rw-r--r--interfaces/apparmor/backend_test.go28
-rw-r--r--interfaces/backends/backends.go2
-rw-r--r--interfaces/backends/backends_test.go8
-rw-r--r--release/release.go6
-rw-r--r--sandbox/apparmor/apparmor.go58
-rw-r--r--sandbox/apparmor/apparmor_test.go26
7 files changed, 69 insertions, 69 deletions
diff --git a/interfaces/apparmor/backend.go b/interfaces/apparmor/backend.go
index f6331492fe..4644311ef4 100644
--- a/interfaces/apparmor/backend.go
+++ b/interfaces/apparmor/backend.go
@@ -333,7 +333,7 @@ func (b *Backend) Setup(snapInfo *snap.Info, opts interfaces.ConfinementOptions,
spec.(*Specification).AddLayout(snapInfo)
// core on classic is special
- if snapName == "core" && release.OnClassic && apparmor_sandbox.ProbedLevel() != apparmor_sandbox.NoAppArmor {
+ if snapName == "core" && release.OnClassic && apparmor_sandbox.ProbedLevel() != apparmor_sandbox.Unsupported {
if err := setupSnapConfineReexec(snapInfo); err != nil {
return fmt.Errorf("cannot create host snap-confine apparmor configuration: %s", err)
}
@@ -342,7 +342,7 @@ func (b *Backend) Setup(snapInfo *snap.Info, opts interfaces.ConfinementOptions,
// Deal with the "snapd" snap - we do the setup slightly differently
// here because this will run both on classic and on Ubuntu Core 18
// systems but /etc/apparmor.d is not writable on core18 systems
- if snapInfo.GetType() == snap.TypeSnapd && apparmor_sandbox.ProbedLevel() != apparmor_sandbox.NoAppArmor {
+ if snapInfo.GetType() == snap.TypeSnapd && apparmor_sandbox.ProbedLevel() != apparmor_sandbox.Unsupported {
if err := setupSnapConfineReexec(snapInfo); err != nil {
return fmt.Errorf("cannot create host snap-confine apparmor configuration: %s", err)
}
@@ -531,7 +531,7 @@ func addContent(securityTag string, snapInfo *snap.Info, opts interfaces.Confine
// When partial AppArmor is detected, use the classic template for now. We could
// use devmode, but that could generate confusing log entries for users running
// snaps on systems with partial AppArmor support.
- if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.PartialAppArmor {
+ if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.Partial {
// By default, downgrade confinement to the classic template when
// partial AppArmor support is detected. We don't want to use strict
// in general yet because older versions of the kernel did not
@@ -632,7 +632,7 @@ func (b *Backend) NewSpecification() interfaces.Specification {
// SandboxFeatures returns the list of apparmor features supported by the kernel.
func (b *Backend) SandboxFeatures() []string {
- if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.NoAppArmor {
+ if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.Unsupported {
return nil
}
@@ -653,7 +653,7 @@ func (b *Backend) SandboxFeatures() []string {
level := "full"
policy := "default"
- if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.PartialAppArmor {
+ if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.Partial {
level = "partial"
if downgradeConfinement() {
diff --git a/interfaces/apparmor/backend_test.go b/interfaces/apparmor/backend_test.go
index cd95390aad..b53a87aaa5 100644
--- a/interfaces/apparmor/backend_test.go
+++ b/interfaces/apparmor/backend_test.go
@@ -428,7 +428,7 @@ func (s *backendSuite) TestRemovingSnapDoesntBreakSnapsWIthPrefixName(c *C) {
}
func (s *backendSuite) TestRealDefaultTemplateIsNormallyUsed(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
snapInfo := snaptest.MockInfo(c, ifacetest.SambaYamlV1, nil)
@@ -510,7 +510,7 @@ snippet
}}
func (s *backendSuite) TestCombineSnippets(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
defer restore()
@@ -550,7 +550,7 @@ func (s *backendSuite) TestCombineSnippets(c *C) {
}
func (s *backendSuite) TestCombineSnippetsChangeProfile(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
defer restore()
@@ -588,7 +588,7 @@ func (s *backendSuite) TestCombineSnippetsChangeProfile(c *C) {
}
func (s *backendSuite) TestParallelInstallCombineSnippets(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
defer restore()
@@ -635,7 +635,7 @@ profile "snap.samba_foo.smbd" (attach_disconnected,mediate_deleted) {
}
func mockPartalAppArmorOnDistro(c *C, kernelVersion string, releaseID string, releaseIDLike ...string) (restore func()) {
- restore1 := apparmor_sandbox.MockLevel(apparmor_sandbox.PartialAppArmor)
+ restore1 := apparmor_sandbox.MockLevel(apparmor_sandbox.Partial)
restore2 := release.MockReleaseInfo(&release.OS{ID: releaseID, IDLike: releaseIDLike})
restore3 := osutil.MockKernelVersion(kernelVersion)
restore4 := apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
@@ -1450,7 +1450,7 @@ var nfsAndOverlaySnippetsScenarios = []nfsAndOverlaySnippetsScenario{{
}}
func (s *backendSuite) TestNFSAndOverlaySnippets(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return true, nil })
defer restore()
@@ -1496,7 +1496,7 @@ var casperOverlaySnippetsScenarios = []nfsAndOverlaySnippetsScenario{{
}}
func (s *backendSuite) TestCasperOverlaySnippets(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
defer restore()
@@ -1524,7 +1524,7 @@ func (s *backendSuite) TestNsProfile(c *C) {
}
func (s *backendSuite) TestSandboxFeatures(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockKernelFeatures(func() ([]string, error) { return []string{"foo", "bar"}, nil })
defer restore()
@@ -1535,7 +1535,7 @@ func (s *backendSuite) TestSandboxFeatures(c *C) {
}
func (s *backendSuite) TestSandboxFeaturesPartial(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.PartialAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Partial)
defer restore()
restore = release.MockReleaseInfo(&release.OS{ID: "opensuse-tumbleweed"})
defer restore()
@@ -1578,7 +1578,7 @@ apps:
func (s *backendSuite) TestDowngradeConfinement(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.PartialAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Partial)
defer restore()
for _, tc := range []struct {
@@ -1604,7 +1604,7 @@ func (s *backendSuite) TestDowngradeConfinement(c *C) {
func (s *backendSuite) TestPtraceTraceRule(c *C) {
restoreTemplate := apparmor.MockTemplate("template\n###SNIPPETS###\n")
defer restoreTemplate()
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
defer restore()
@@ -1749,7 +1749,7 @@ func (s *backendSuite) TestPtraceTraceRule(c *C) {
func (s *backendSuite) TestHomeIxRule(c *C) {
restoreTemplate := apparmor.MockTemplate("template\n###SNIPPETS###\nneedle rwkl###HOME_IX###,\n")
defer restoreTemplate()
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
restore = apparmor.MockIsHomeUsingNFS(func() (bool, error) { return false, nil })
defer restore()
@@ -1791,7 +1791,7 @@ func (s *backendSuite) TestHomeIxRule(c *C) {
func (s *backendSuite) TestSystemUsernamesPolicy(c *C) {
restoreTemplate := apparmor.MockTemplate("template\n###SNIPPETS###\n")
defer restoreTemplate()
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
snapYaml := `
@@ -1816,7 +1816,7 @@ apps:
func (s *backendSuite) TestNoSystemUsernamesPolicy(c *C) {
restoreTemplate := apparmor.MockTemplate("template\n###SNIPPETS###\n")
defer restoreTemplate()
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
snapYaml := `
diff --git a/interfaces/backends/backends.go b/interfaces/backends/backends.go
index 9937bfcfa1..64981ff780 100644
--- a/interfaces/backends/backends.go
+++ b/interfaces/backends/backends.go
@@ -70,7 +70,7 @@ func backends() []interfaces.SecurityBackend {
// When some features are missing the backend will generate more permissive
// profiles that keep applications operational, in forced-devmode.
switch apparmor_sandbox.ProbedLevel() {
- case apparmor_sandbox.PartialAppArmor, apparmor_sandbox.FullAppArmor:
+ case apparmor_sandbox.Partial, apparmor_sandbox.Full:
all = append(all, &apparmor.Backend{})
}
return all
diff --git a/interfaces/backends/backends_test.go b/interfaces/backends/backends_test.go
index 1e9a511cb1..8ef1ea6a9e 100644
--- a/interfaces/backends/backends_test.go
+++ b/interfaces/backends/backends_test.go
@@ -36,7 +36,7 @@ type backendsSuite struct{}
var _ = Suite(&backendsSuite{})
func (s *backendsSuite) TestIsAppArmorEnabled(c *C) {
- for _, level := range []apparmor_sandbox.AppArmorLevelType{apparmor_sandbox.NoAppArmor, apparmor_sandbox.UnusableAppArmor, apparmor_sandbox.PartialAppArmor, apparmor_sandbox.FullAppArmor} {
+ for _, level := range []apparmor_sandbox.LevelType{apparmor_sandbox.Unsupported, apparmor_sandbox.Unusable, apparmor_sandbox.Partial, apparmor_sandbox.Full} {
restore := apparmor_sandbox.MockLevel(level)
defer restore()
@@ -46,9 +46,9 @@ func (s *backendsSuite) TestIsAppArmorEnabled(c *C) {
names[i] = string(backend.Name())
}
switch level {
- case apparmor_sandbox.NoAppArmor, apparmor_sandbox.UnusableAppArmor:
+ case apparmor_sandbox.Unsupported, apparmor_sandbox.Unusable:
c.Assert(names, Not(testutil.Contains), "apparmor")
- case apparmor_sandbox.PartialAppArmor, apparmor_sandbox.FullAppArmor:
+ case apparmor_sandbox.Partial, apparmor_sandbox.Full:
c.Assert(names, testutil.Contains, "apparmor")
}
@@ -56,7 +56,7 @@ func (s *backendsSuite) TestIsAppArmorEnabled(c *C) {
}
func (s *backendsSuite) TestEssentialOrdering(c *C) {
- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.FullAppArmor)
+ restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Full)
defer restore()
all := backends.Backends()
diff --git a/release/release.go b/release/release.go
index 2baa3f8008..be5534f8e8 100644
--- a/release/release.go
+++ b/release/release.go
@@ -44,7 +44,7 @@ type OS struct {
// ForceDevMode returns true if the distribution doesn't implement required
// security features for confinement and devmode is forced.
func (o *OS) ForceDevMode() bool {
- return apparmor.ProbedLevel() != apparmor.FullAppArmor
+ return apparmor.ProbedLevel() != apparmor.Full
}
// DistroLike checks if the distribution ID or ID_LIKE matches one of the given names.
@@ -161,9 +161,9 @@ func MockReleaseInfo(osRelease *OS) (restore func()) {
// MockForcedDevmode fake the system to believe its in a distro
// that is in ForcedDevmode
func MockForcedDevmode(isDevmode bool) (restore func()) {
- level := apparmor.FullAppArmor
+ level := apparmor.Full
if isDevmode {
- level = apparmor.NoAppArmor
+ level = apparmor.Unsupported
}
return apparmor.MockLevel(level)
}
diff --git a/sandbox/apparmor/apparmor.go b/sandbox/apparmor/apparmor.go
index f261c1d88d..27d1f868e4 100644
--- a/sandbox/apparmor/apparmor.go
+++ b/sandbox/apparmor/apparmor.go
@@ -33,35 +33,35 @@ import (
"github.com/snapcore/snapd/strutil"
)
-// AppArmorLevelType encodes the kind of support for apparmor
+// LevelType encodes the kind of support for apparmor
// found on this system.
-type AppArmorLevelType int
+type LevelType int
const (
- // UnknownAppArmor indicates that apparmor was not probed yet.
- UnknownAppArmor AppArmorLevelType = iota
- // NoAppArmor indicates that apparmor is not enabled.
- NoAppArmor
- // UnusableAppArmor indicates that apparmor is enabled but cannot be used.
- UnusableAppArmor
- // PartialAppArmor indicates that apparmor is enabled but some
+ // Unknown indicates that apparmor was not probed yet.
+ Unknown LevelType = iota
+ // Unsupported indicates that apparmor is not enabled.
+ Unsupported
+ // Unusable indicates that apparmor is enabled but cannot be used.
+ Unusable
+ // Partial indicates that apparmor is enabled but some
// features are missing.
- PartialAppArmor
- // FullAppArmor indicates that all features are supported.
- FullAppArmor
+ Partial
+ // Full indicates that all features are supported.
+ Full
)
-func (level AppArmorLevelType) String() string {
+func (level LevelType) String() string {
switch level {
- case UnknownAppArmor:
+ case Unknown:
return "unknown"
- case NoAppArmor:
+ case Unsupported:
return "none"
- case UnusableAppArmor:
+ case Unusable:
return "unusable"
- case PartialAppArmor:
+ case Partial:
return "partial"
- case FullAppArmor:
+ case Full:
return "full"
}
return fmt.Sprintf("AppArmorLevelType:%d", level)
@@ -72,7 +72,7 @@ var appArmorAssessment = &appArmorAssess{appArmorProber: &appArmorProbe{}}
// ProbedLevel quantifies how well apparmor is supported on the current
// kernel. The computation is costly to perform. The result is cached internally.
-func ProbedLevel() AppArmorLevelType {
+func ProbedLevel() LevelType {
appArmorAssessment.assess()
return appArmorAssessment.level
}
@@ -159,7 +159,7 @@ type appArmorProber interface {
type appArmorAssess struct {
appArmorProber
// level contains the assessment of the "level" of apparmor support.
- level AppArmorLevelType
+ level LevelType
// summary contains a human readable description of the assessment.
summary string
@@ -172,17 +172,17 @@ func (aaa *appArmorAssess) assess() {
})
}
-func (aaa *appArmorAssess) doAssess() (level AppArmorLevelType, summary string) {
+func (aaa *appArmorAssess) doAssess() (level LevelType, summary string) {
// First, quickly check if apparmor is available in the kernel at all.
kernelFeatures, err := aaa.KernelFeatures()
if os.IsNotExist(err) {
- return NoAppArmor, "apparmor not enabled"
+ return Unsupported, "apparmor not enabled"
}
// Then check that the parser supports the required parser features.
// If we have any missing required features then apparmor is unusable.
parserFeatures, err := aaa.ParserFeatures()
if os.IsNotExist(err) {
- return NoAppArmor, "apparmor_parser not found"
+ return Unsupported, "apparmor_parser not found"
}
var missingParserFeatures []string
for _, feature := range requiredParserFeatures {
@@ -193,7 +193,7 @@ func (aaa *appArmorAssess) doAssess() (level AppArmorLevelType, summary string)
if len(missingParserFeatures) > 0 {
summary := fmt.Sprintf("apparmor_parser is available but required parser features are missing: %s",
strings.Join(missingParserFeatures, ", "))
- return UnusableAppArmor, summary
+ return Unusable, summary
}
// Next, check that the kernel supports the required kernel features.
@@ -206,7 +206,7 @@ func (aaa *appArmorAssess) doAssess() (level AppArmorLevelType, summary string)
if len(missingKernelFeatures) > 0 {
summary := fmt.Sprintf("apparmor is enabled but required kernel features are missing: %s",
strings.Join(missingKernelFeatures, ", "))
- return UnusableAppArmor, summary
+ return Unusable, summary
}
// Next check that the parser supports preferred parser features.
@@ -219,7 +219,7 @@ func (aaa *appArmorAssess) doAssess() (level AppArmorLevelType, summary string)
if len(missingParserFeatures) > 0 {
summary := fmt.Sprintf("apparmor_parser is available but some features are missing: %s",
strings.Join(missingParserFeatures, ", "))
- return PartialAppArmor, summary
+ return Partial, summary
}
// Lastly check that the kernel supports preferred kernel features.
@@ -231,11 +231,11 @@ func (aaa *appArmorAssess) doAssess() (level AppArmorLevelType, summary string)
if len(missingKernelFeatures) > 0 {
summary := fmt.Sprintf("apparmor is enabled but some kernel features are missing: %s",
strings.Join(missingKernelFeatures, ", "))
- return PartialAppArmor, summary
+ return Partial, summary
}
// If we got here then all features are available and supported.
- return FullAppArmor, "apparmor is enabled and all features are available"
+ return Full, "apparmor is enabled and all features are available"
}
type appArmorProbe struct {
@@ -340,7 +340,7 @@ func (m *mockAppArmorProbe) ParserFeatures() ([]string, error) {
// AppArmor kernel and parser features are set to unrealistic values that do
// not match the requested level. Use this function to observe behavior that
// relies solely on the apparmor level value.
-func MockLevel(level AppArmorLevelType) (restore func()) {
+func MockLevel(level LevelType) (restore func()) {
oldAppArmorAssessment := appArmorAssessment
mockProbe := &mockAppArmorProbe{
kernelFeatures: []string{"mocked-kernel-feature"},
diff --git a/sandbox/apparmor/apparmor_test.go b/sandbox/apparmor/apparmor_test.go
index bddf74a443..2867d8390e 100644
--- a/sandbox/apparmor/apparmor_test.go
+++ b/sandbox/apparmor/apparmor_test.go
@@ -41,16 +41,16 @@ type apparmorSuite struct{}
var _ = Suite(&apparmorSuite{})
func (*apparmorSuite) TestAppArmorLevelTypeStringer(c *C) {
- c.Check(apparmor.UnknownAppArmor.String(), Equals, "unknown")
- c.Check(apparmor.NoAppArmor.String(), Equals, "none")
- c.Check(apparmor.UnusableAppArmor.String(), Equals, "unusable")
- c.Check(apparmor.PartialAppArmor.String(), Equals, "partial")
- c.Check(apparmor.FullAppArmor.String(), Equals, "full")
- c.Check(apparmor.AppArmorLevelType(42).String(), Equals, "AppArmorLevelType:42")
+ c.Check(apparmor.Unknown.String(), Equals, "unknown")
+ c.Check(apparmor.Unsupported.String(), Equals, "none")
+ c.Check(apparmor.Unusable.String(), Equals, "unusable")
+ c.Check(apparmor.Partial.String(), Equals, "partial")
+ c.Check(apparmor.Full.String(), Equals, "full")
+ c.Check(apparmor.LevelType(42).String(), Equals, "AppArmorLevelType:42")
}
func (*apparmorSuite) TestMockAppArmorLevel(c *C) {
- for _, lvl := range []apparmor.AppArmorLevelType{apparmor.NoAppArmor, apparmor.UnusableAppArmor, apparmor.PartialAppArmor, apparmor.FullAppArmor} {
+ for _, lvl := range []apparmor.LevelType{apparmor.Unsupported, apparmor.Unusable, apparmor.Partial, apparmor.Full} {
restore := apparmor.MockLevel(lvl)
c.Check(apparmor.ProbedLevel(), Equals, lvl)
c.Check(apparmor.Summary(), testutil.Contains, "mocked apparmor level: ")
@@ -68,7 +68,7 @@ func (*apparmorSuite) TestMockAppArmorLevel(c *C) {
func (*apparmorSuite) TestMockAppArmorFeatures(c *C) {
// No apparmor in the kernel, apparmor is disabled.
restore := apparmor.MockFeatures([]string{}, os.ErrNotExist, []string{}, nil)
- c.Check(apparmor.ProbedLevel(), Equals, apparmor.NoAppArmor)
+ c.Check(apparmor.ProbedLevel(), Equals, apparmor.Unsupported)
c.Check(apparmor.Summary(), Equals, "apparmor not enabled")
features, err := apparmor.KernelFeatures()
c.Assert(err, Equals, os.ErrNotExist)
@@ -80,7 +80,7 @@ func (*apparmorSuite) TestMockAppArmorFeatures(c *C) {
// No apparmor_parser, apparmor is disabled.
restore = apparmor.MockFeatures([]string{}, nil, []string{}, os.ErrNotExist)
- c.Check(apparmor.ProbedLevel(), Equals, apparmor.NoAppArmor)
+ c.Check(apparmor.ProbedLevel(), Equals, apparmor.Unsupported)
c.Check(apparmor.Summary(), Equals, "apparmor_parser not found")
features, err = apparmor.KernelFeatures()
c.Assert(err, IsNil)
@@ -92,7 +92,7 @@ func (*apparmorSuite) TestMockAppArmorFeatures(c *C) {
// Complete kernel features but apparmor is unusable because of missing required parser features.
restore = apparmor.MockFeatures(apparmor.RequiredKernelFeatures, nil, []string{}, nil)
- c.Check(apparmor.ProbedLevel(), Equals, apparmor.UnusableAppArmor)
+ c.Check(apparmor.ProbedLevel(), Equals, apparmor.Unusable)
c.Check(apparmor.Summary(), Equals, "apparmor_parser is available but required parser features are missing: unsafe")
features, err = apparmor.KernelFeatures()
c.Assert(err, IsNil)
@@ -105,7 +105,7 @@ func (*apparmorSuite) TestMockAppArmorFeatures(c *C) {
// Complete parser features but apparmor is unusable because of missing required kernel features.
// The dummy feature is there to pretend that apparmor in the kernel is not entirely disabled.
restore = apparmor.MockFeatures([]string{"dummy-feature"}, nil, apparmor.RequiredParserFeatures, nil)
- c.Check(apparmor.ProbedLevel(), Equals, apparmor.UnusableAppArmor)
+ c.Check(apparmor.ProbedLevel(), Equals, apparmor.Unusable)
c.Check(apparmor.Summary(), Equals, "apparmor is enabled but required kernel features are missing: file")
features, err = apparmor.KernelFeatures()
c.Assert(err, IsNil)
@@ -117,7 +117,7 @@ func (*apparmorSuite) TestMockAppArmorFeatures(c *C) {
// Required kernel and parser features available, some optional features are missing though.
restore = apparmor.MockFeatures(apparmor.RequiredKernelFeatures, nil, apparmor.RequiredParserFeatures, nil)
- c.Check(apparmor.ProbedLevel(), Equals, apparmor.PartialAppArmor)
+ c.Check(apparmor.ProbedLevel(), Equals, apparmor.Partial)
c.Check(apparmor.Summary(), Equals, "apparmor is enabled but some kernel features are missing: caps, dbus, domain, mount, namespaces, network, ptrace, signal")
features, err = apparmor.KernelFeatures()
c.Assert(err, IsNil)
@@ -129,7 +129,7 @@ func (*apparmorSuite) TestMockAppArmorFeatures(c *C) {
// Preferred kernel and parser features available.
restore = apparmor.MockFeatures(apparmor.PreferredKernelFeatures, nil, apparmor.PreferredParserFeatures, nil)
- c.Check(apparmor.ProbedLevel(), Equals, apparmor.FullAppArmor)
+ c.Check(apparmor.ProbedLevel(), Equals, apparmor.Full)
c.Check(apparmor.Summary(), Equals, "apparmor is enabled and all features are available")
features, err = apparmor.KernelFeatures()
c.Assert(err, IsNil)
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-06 18:03:47 +0000