Revert "Add apparmor support"

This reverts commit 96633a3. Revert "wip" This reverts commit d20ceaa.
singholt · Oct 25, 2023 · 8f6ad52 · 8f6ad52
1 parent 75db5cb
commit 8f6ad52
Show file tree

Hide file tree

Showing 16 changed files with 60 additions and 670 deletions.
diff --git a/ecs-init/apparmor/apparmor.go b/ecs-init/apparmor/apparmor.go
diff --git a/ecs-init/apparmor/apparmor_test.go b/ecs-init/apparmor/apparmor_test.go
diff --git a/ecs-init/config/development.go b/ecs-init/config/development.go
@@ -0,0 +1,51 @@
+//go:build development
+// +build development
+
+// Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+// http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"os"
+)
+
+var directoryPrefix string
+var s3Bucket string
+
+func init() {
+	fmt.Println("****************")
+	fmt.Println("DEVELOPMENT MODE")
+	directoryPrefix = getDirectoryPrefix()
+	s3Bucket = getS3Bucket()
+	fmt.Println("****************")
+}
+
+func getDirectoryPrefix() string {
+	return getEnvWithDefault("PATH_PREFIX", "/tmp")
+}
+
+func getS3Bucket() string {
+	return getEnvWithDefault("S3_BUCKET_OVERRIDE", "amazon-ecs-agent")
+}
+
+func getEnvWithDefault(environmentVariable, defaultIfMissing string) string {
+	env := os.Getenv(environmentVariable)
+	if env == "" {
+		fmt.Printf("%s not set, using %s\n", environmentVariable, defaultIfMissing)
+		return defaultIfMissing
+	}
+	fmt.Printf("%s set as %s\n", environmentVariable, env)
+	return env
+}
diff --git a/ecs-init/config/release.go b/ecs-init/config/release.go
@@ -1,3 +1,6 @@
+//go:build !development
+// +build !development
+
 // Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License"). You may

diff --git a/ecs-init/docker/docker_config.go b/ecs-init/docker/docker_config.go
@@ -14,11 +14,7 @@
 package docker
 
 import (
-	"fmt"
-
-	"github.com/aws/amazon-ecs-agent/ecs-init/apparmor"
 	"github.com/aws/amazon-ecs-agent/ecs-init/config"
-	ctrdapparmor "github.com/containerd/containerd/pkg/apparmor"
 	godocker "github.com/fsouza/go-dockerclient"
 )
 
@@ -66,10 +62,6 @@ func createHostConfig(binds []string) *godocker.HostConfig {
 		Init:        true,
 	}
 
-	if ctrdapparmor.HostSupports() {
-		hostConfig.SecurityOpt = []string{fmt.Sprintf("apparmor:%s", apparmor.ECSDefaultProfileName)}
-	}
-
 	if config.RunPrivileged() {
 		hostConfig.Privileged = true
 	}

diff --git a/ecs-init/engine/engine.go b/ecs-init/engine/engine.go
@@ -21,7 +21,6 @@ import (
 	"os"
 	"time"
 
-	"github.com/aws/amazon-ecs-agent/ecs-init/apparmor"
 	"github.com/aws/amazon-ecs-agent/ecs-init/backoff"
 	"github.com/aws/amazon-ecs-agent/ecs-init/cache"
 	"github.com/aws/amazon-ecs-agent/ecs-init/config"
@@ -32,7 +31,6 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-init/gpu"
 
 	log "github.com/cihub/seelog"
-	ctrdapparmor "github.com/containerd/containerd/pkg/apparmor"
 )
 
 const (
@@ -51,13 +49,9 @@ const (
 )
 
 // Injection point for testing purposes
-var (
-	getDockerClient = func() (dockerClient, error) {
-		return docker.Client()
-	}
-	hostSupports       = ctrdapparmor.HostSupports
-	loadDefaultProfile = apparmor.LoadDefaultProfile
-)
+var getDockerClient = func() (dockerClient, error) {
+	return docker.Client()
+}
 
 func dockerError(err error) error {
 	return engineError("could not create docker client", err)
@@ -119,11 +113,6 @@ func (e *Engine) PreStart() error {
 	if err != nil {
 		return err
 	}
-	// setup AppArmor if necessary
-	err = e.PreStartAppArmor()
-	if err != nil {
-		return err
-	}
 	// Enable use of loopback addresses for local routing purposes
 	log.Info("pre-start: enabling loopback routing")
 	err = e.loopbackRouting.Enable()
@@ -206,16 +195,6 @@ func (e *Engine) PreStartGPU() error {
 	return nil
 }
 
-// PreStartAppArmor sets up the ecs-default AppArmor profile if we're running
-// on an AppArmor-enabled system.
-func (e *Engine) PreStartAppArmor() error {
-	if hostSupports() {
-		log.Infof("pre-start: setting up %s AppArmor profile", apparmor.ECSDefaultProfileName)
-		return loadDefaultProfile(apparmor.ECSDefaultProfileName)
-	}
-	return nil
-}
-
 // ReloadCache reloads the cached image of the ECS Agent into Docker
 func (e *Engine) ReloadCache() error {
 	docker, err := getDockerClient()