Set default seccomp.json file for podman play kube

Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-10-18 19:53:58 +08:00 · 2019-10-29 13:33:44 -04:00
parent 248bb61b14
commit 66c126d6de
3 changed files with 26 additions and 13 deletions
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l
 	}

 	if config.SeccompProfilePath == "" {
-		if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
-			config.SeccompProfilePath = libpod.SeccompOverridePath
-		} else {
-			if !os.IsNotExist(err) {
-				return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
-			}
-			if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
-				if !os.IsNotExist(err) {
-					return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
-				}
-			} else {
-				config.SeccompProfilePath = libpod.SeccompDefaultPath
-			}
+		var err error
+		config.SeccompProfilePath, err = libpod.DefaultSeccompPath()
+		if err != nil {
+			return err
 		}
 	}
 	config.LabelOpts = labelOpts
--- a/libpod/util.go
+++ b/libpod/util.go
@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) {
 	}
 	return strings.TrimSuffix(output, "\n"), nil
 }
+
+func DefaultSeccompPath() (string, error) {
+	_, err := os.Stat(SeccompOverridePath)
+	if err == nil {
+		return SeccompOverridePath, nil
+	}
+	if !os.IsNotExist(err) {
+		return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath)
+	}
+	if _, err := os.Stat(SeccompDefaultPath); err != nil {
+		if !os.IsNotExist(err) {
+			return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath)
+		}
+		return "", nil
+	}
+	return SeccompDefaultPath, nil
+}
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 			}
 		}
 	}
+	var err error
+	containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath()
+	if err != nil {
+		return nil, err
+	}

 	containerConfig.Command = []string{}
 	if imageData != nil && imageData.Config != nil {