Don't use zgrep in check-config if apparmor profile is enforced

[dereknola]

Signed-off-by: Derek Nola [email protected]

Proposed Changes

Bypass zgrep on opensuse 15.4+, with an apparmor profile for zgrep due to CVE-2022-1271.

Types of Changes

Verification

1. Setup opensuse-leap vm (Just use the tests/e2e/validatecluster )and call:
   E2E_NODE_BOXES="opensuse/Leap-15.4.x86_64" vagrant up server-0 --no-provision
2. Run zypper in apparmor-utils apparmor-parser apparmor-profiles
3. Run aa-enforce zgrep
4. Install K3s
5. Run k3s check-config

Check config should pass with no issues

Testing

Linked Issues

#6278

User-Facing Change

Further Comments

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: +4.46 🎉

Comparison is base (2eddfe6) 46.95% compared to head (69115be) 51.42%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7939      +/-   ##
==========================================
+ Coverage   46.95%   51.42%   +4.46%     
==========================================
  Files         143      143              
  Lines       14560    14564       +4     
==========================================
+ Hits         6837     7489     +652     
+ Misses       6628     5890     -738     
- Partials     1095     1185      +90     

Flag	Coverage Δ
e2etests	49.24% <ø> (?)
inttests	44.42% <ø> (+0.09%)	⬆️
unittests	19.85% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 42 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.