Merge pull request #4725 from kolyshkin/novar

lifubang · web-flow · commit f1eaad8597ba · 2025-04-15T18:10:28.000+08:00
libct/apparmor: don't use vars for public functions
diff --git a/libcontainer/apparmor/apparmor.go b/libcontainer/apparmor/apparmor.go
@@ -2,15 +2,17 @@ package apparmor
 
 import "errors"
 
-var (
-	// IsEnabled returns true if apparmor is enabled for the host.
-	IsEnabled = isEnabled
+// IsEnabled returns true if apparmor is enabled for the host.
+func IsEnabled() bool {
+	return isEnabled()
+}
 
-	// ApplyProfile will apply the profile with the specified name to the process after
-	// the next exec. It is only supported on Linux and produces an ErrApparmorNotEnabled
-	// on other platforms.
-	ApplyProfile = applyProfile
+// ApplyProfile will apply the profile with the specified name to the process
+// after the next exec. It is only supported on Linux and produces an
+// [ErrApparmorNotEnabled] on other platforms.
+func ApplyProfile(name string) error {
+	return applyProfile(name)
+}
 
-	// ErrApparmorNotEnabled indicates that AppArmor is not enabled or not supported.
-	ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported")
-)
+// ErrApparmorNotEnabled indicates that AppArmor is not enabled or not supported.
+var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported")
diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go
@@ -53,17 +53,16 @@ func setProcAttr(attr, value string) error {
 	return err
 }
 
-// changeOnExec reimplements aa_change_onexec from libapparmor in Go
+// changeOnExec reimplements aa_change_onexec from libapparmor in Go.
 func changeOnExec(name string) error {
 	if err := setProcAttr("exec", "exec "+name); err != nil {
 		return fmt.Errorf("apparmor failed to apply profile: %w", err)
 	}
 	return nil
 }
 
-// applyProfile will apply the profile with the specified name to the process after
-// the next exec. It is only supported on Linux and produces an error on other
-// platforms.
+// applyProfile will apply the profile with the specified name to the process
+// after the next exec.
 func applyProfile(name string) error {
 	if name == "" {
 		return nil

Original file line number	Diff line number	Diff line change
`@@ -53,17 +53,16 @@ func setProcAttr(attr, value string) error {`
`53`	`53`	`return err`
`54`	`54`	`}`
`55`	`55`
`56`		`-// changeOnExec reimplements aa_change_onexec from libapparmor in Go`
	`56`	`+// changeOnExec reimplements aa_change_onexec from libapparmor in Go.`
`57`	`57`	`func changeOnExec(name string) error {`
`58`	`58`	`if err := setProcAttr("exec", "exec "+name); err != nil {`
`59`	`59`	`return fmt.Errorf("apparmor failed to apply profile: %w", err)`
`60`	`60`	`}`
`61`	`61`	`return nil`
`62`	`62`	`}`
`63`	`63`
`64`		`-// applyProfile will apply the profile with the specified name to the process after`
`65`		`-// the next exec. It is only supported on Linux and produces an error on other`
`66`		`-// platforms.`
	`64`	`+// applyProfile will apply the profile with the specified name to the process`
	`65`	`+// after the next exec.`
`67`	`66`	`func applyProfile(name string) error {`
`68`	`67`	`if name == "" {`
`69`	`68`	`return nil`