Refactoring: remove duplicate code into utility function

EshaanAgg · Jun 28, 2024 · 1ad20fe · 1ad20fe
1 parent b2487c4
commit 1ad20fe
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 13 deletions.
diff --git a/benchexec/container.py b/benchexec/container.py
@@ -44,6 +44,7 @@
     "CONTAINER_GID",
     "CONTAINER_HOME",
     "CONTAINER_HOSTNAME",
+    "check_apparmor_userns_restriction",
 ]
 
 
@@ -124,6 +125,20 @@
 )
 
 
+def check_apparmor_userns_restriction(error: OSError):
+    """Check whether the passed OSError was likely caused by Ubuntu's AppArmor-based
+    restriction of user namespaces."""
+    return (
+        error.errno
+        in [
+            errno.EPERM,
+            errno.EACCES,
+        ]
+        and util.try_read_file("/proc/sys/kernel/apparmor_restrict_unprivileged_userns")
+        == "1"
+    )
+
+
 @contextlib.contextmanager
 def allocate_stack(size=DEFAULT_STACK_SIZE):
     """Allocate some memory that can be used as a stack.

diff --git a/benchexec/containerexecutor.py b/benchexec/containerexecutor.py
@@ -754,12 +754,7 @@ def child():
                         traceback.extract_tb(e.__traceback__, limit=-1)[0].line,
                         e,
                     )
-                    if util.try_read_file(
-                        "/proc/sys/kernel/apparmor_restrict_unprivileged_userns"
-                    ) == "1" and e.errno in [
-                        errno.EPERM,
-                        errno.EACCES,
-                    ]:
+                    if container.check_apparmor_userns_restriction(e):
                         logging.critical(container._ERROR_MSG_USER_NS_RESTRICTION)
                     return CHILD_OSERROR
 

diff --git a/benchexec/containerized_tool.py b/benchexec/containerized_tool.py
@@ -124,13 +124,7 @@ def _init_container_and_load_tool(tool_module, *args, **kwargs):
     try:
         _init_container(*args, **kwargs)
     except OSError as e:
-        if (
-            util.try_read_file("/proc/sys/kernel/apparmor_restrict_unprivileged_userns")
-            == "1"
-        ) and e.errno in [
-            errno.EPERM,
-            errno.EACCES,
-        ]:
+        if container.check_apparmor_userns_restriction(e):
             raise BenchExecException(container._ERROR_MSG_USER_NS_RESTRICTION)
         raise BenchExecException(f"Failed to configure container: {e}")
     return _load_tool(tool_module)