seccomp, apparmor: add go:noinline

Tests in pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline since Go 1.21. e.g., > ``` > === FAIL: pkg/cri/sbserver TestGenerateSeccompSecurityProfileSpecOpts/should_set_default_seccomp_when_seccomp_is_runtime/default (0.00s) > container_create_linux_test.go:1013: > Error Trace: /home/runner/work/containerd/containerd/pkg/cri/sbserver/container_create_linux_test.go:1013 > Error: Not equal: > expected: 0x263d880 > actual : 0x263cbc0 > Test: TestGenerateSeccompSecurityProfileSpecOpts/should_set_default_seccomp_when_seccomp_is_runtime/default > ``` See comments in PR 8957. Thanks to Wei Fu for analyzing this. Co-authored-by: Wei Fu <[email protected]> Signed-off-by: Akihiro Suda <[email protected]>
thaJeztah · Aug 17, 2023 · 0f043ae · 0f043ae
1 parent 5d9bf7d
commit 0f043ae
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/contrib/apparmor/apparmor.go b/contrib/apparmor/apparmor.go
@@ -39,6 +39,11 @@ func WithProfile(profile string) oci.SpecOpts {
 
 // WithDefaultProfile will generate a default apparmor profile under the provided name
 // for the container.  It is only generated if a profile under that name does not exist.
+//
+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
+// since Go 1.21.
+//
+//go:noinline
 func WithDefaultProfile(name string) oci.SpecOpts {
 	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		if err := LoadDefaultProfile(name); err != nil {

diff --git a/contrib/seccomp/seccomp.go b/contrib/seccomp/seccomp.go
@@ -30,6 +30,11 @@ import (
 // WithProfile receives the name of a file stored on disk comprising a json
 // formatted seccomp profile, as specified by the opencontainers/runtime-spec.
 // The profile is read from the file, unmarshaled, and set to the spec.
+//
+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
+// since Go 1.21.
+//
+//go:noinline
 func WithProfile(profile string) oci.SpecOpts {
 	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		s.Linux.Seccomp = &specs.LinuxSeccomp{}
@@ -46,6 +51,11 @@ func WithProfile(profile string) oci.SpecOpts {
 
 // WithDefaultProfile sets the default seccomp profile to the spec.
 // Note: must follow the setting of process capabilities
+//
+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
+// since Go 1.21.
+//
+//go:noinline
 func WithDefaultProfile() oci.SpecOpts {
 	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		s.Linux.Seccomp = DefaultProfile(s)