opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-09 07:09:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix seccomp support

Browse Source 
If user does not specify seccomp file or seccomp file does not exist,
then use the default seccomp settings.

Still need to not hard code /etc/crio/seccomp.json, should move this to
/usr/share/seccomp/seccomp.json

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #233
Approved by: baude
This commit is contained in:
Daniel J Walsh
2018-01-17 11:03:07 -05:00
committed by Atomic Bot
parent 0befd8dafd
commit 0d69ca6637
8 changed files with 914 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/podman/create.go
View File

@@ -218,8 +218,6 @@ func createCmd(c *cli.Context) error {
return nil
}
const seccompDefaultPath = "/etc/crio/seccomp.json"
func parseSecurityOpt(config *createConfig, securityOpts []string) error {
var (
labelOpts []string
@@ -269,12 +267,19 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error {
}
if config.SeccompProfilePath == "" {
if _, err := os.Stat(seccompDefaultPath); err != nil {
if !os.IsNotExist(err) {
return errors.Wrapf(err, "can't check if %q exists", seccompDefaultPath)
}
if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
config.SeccompProfilePath = libpod.SeccompOverridePath
} else {
config.SeccompProfilePath = seccompDefaultPath
if !os.IsNotExist(err) {
return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
}
if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
if !os.IsNotExist(err) {
return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
}
} else {
config.SeccompProfilePath = libpod.SeccompDefaultPath
}
}
}
config.ProcessLabel, config.MountLabel, err = label.InitLabels(labelOpts)