mirror of
https://github.com/containers/podman.git
synced 2025-10-19 12:12:36 +08:00
Set default seccomp.json file for podman play kube
Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
committed by
Nalin Dahyabhai
Nalin Dahyabhai
parent
248bb61b14
commit
66c126d6de
@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l
|
|||||||
}
|
}
|
||||||
|
|
||||||
if config.SeccompProfilePath == "" {
|
if config.SeccompProfilePath == "" {
|
||||||
if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
|
var err error
|
||||||
config.SeccompProfilePath = libpod.SeccompOverridePath
|
config.SeccompProfilePath, err = libpod.DefaultSeccompPath()
|
||||||
} else {
|
if err != nil {
|
||||||
if !os.IsNotExist(err) {
|
return err
|
||||||
return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
|
|
||||||
}
|
|
||||||
if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
|
|
||||||
if !os.IsNotExist(err) {
|
|
||||||
return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
config.SeccompProfilePath = libpod.SeccompDefaultPath
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
config.LabelOpts = labelOpts
|
config.LabelOpts = labelOpts
|
||||||
|
|||||||
@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) {
|
|||||||
}
|
}
|
||||||
return strings.TrimSuffix(output, "\n"), nil
|
return strings.TrimSuffix(output, "\n"), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DefaultSeccompPath() (string, error) {
|
||||||
|
_, err := os.Stat(SeccompOverridePath)
|
||||||
|
if err == nil {
|
||||||
|
return SeccompOverridePath, nil
|
||||||
|
}
|
||||||
|
if !os.IsNotExist(err) {
|
||||||
|
return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath)
|
||||||
|
}
|
||||||
|
if _, err := os.Stat(SeccompDefaultPath); err != nil {
|
||||||
|
if !os.IsNotExist(err) {
|
||||||
|
return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath)
|
||||||
|
}
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
|
return SeccompDefaultPath, nil
|
||||||
|
}
|
||||||
|
|||||||
@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
var err error
|
||||||
|
containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
containerConfig.Command = []string{}
|
containerConfig.Command = []string{}
|
||||||
if imageData != nil && imageData.Config != nil {
|
if imageData != nil && imageData.Config != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user