var dirs … var poll … const parser … const apparmorfs … func main() { … } // No polling: run once and exit. func runOnce() { … } // Poll the directories indefinitely. func pollForever() { … } func loadNewProfiles() (success bool, newProfiles []string) { … } func getProfileNames(path string) ([]string, error) { … } func unloadedProfiles(loadedProfiles map[string]bool, profiles []string) bool { … } func loadProfiles(path string) error { … } // If the given fileinfo is a symlink, return the FileInfo of the target. Otherwise, return the // given fileinfo. func resolveSymlink(basePath string, entry os.DirEntry) (os.FileInfo, error) { … } // TODO: This is copied from k8s.io/kubernetes/pkg/security/apparmor.getLoadedProfiles. // // Refactor that method to expose it in a reusable way, and delete this version. func getLoadedProfiles() (map[string]bool, error) { … } // The profiles file is formatted with one profile per line, matching a form: // // namespace://profile-name (mode) // profile-name (mode) // // Where mode is {enforce, complain, kill}. The "namespace://" is only included for namespaced // profiles. For the purposes of Kubernetes, we consider the namespace part of the profile name. func parseProfileName(profileLine string) string { … }