Merge pull request #26604 from l0rd/seccomp-winpath

Fix seccomp profile path on Windows
2025-10-13 01:06:10 +08:00 · 2025-07-11 14:13:35 +00:00
parent e28445e9da 3e8b2d7d96
commit b059e47ff2
2 changed files with 60 additions and 2 deletions
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@ -737,8 +737,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 		case "proc-opts":
 			s.ProcOpts = strings.Split(val, ",")
 		case "seccomp":
-			s.SeccompProfilePath = val
-			s.Annotations[define.InspectAnnotationSeccomp] = val
+			convertedPath, err := specgen.ConvertWinMountPath(val)
+			if err != nil {
+				// If the conversion fails, use the original path
+				convertedPath = val
+			}
+			s.SeccompProfilePath = convertedPath
+			s.Annotations[define.InspectAnnotationSeccomp] = convertedPath
 			// this option is for docker compatibility, it is the same as unmask=ALL
 		case "systempaths":
 			if val == "unconfined" {
--- a/pkg/specgenutil/specgenutil_windows_test.go
+++ b/pkg/specgenutil/specgenutil_windows_test.go
@ -0,0 +1,53 @@
+//go:build windows
+
+package specgenutil
+
+import (
+	"os"
+	"testing"
+
+	"github.com/containers/podman/v5/pkg/domain/entities"
+	"github.com/containers/podman/v5/pkg/specgen"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSeccompProfilePath(t *testing.T) {
+	cwd, err := os.Getwd()
+	assert.NoError(t, err)
+	cwd_wsl, err := specgen.ConvertWinMountPath(cwd)
+	assert.NoError(t, err)
+
+	tests := []struct {
+		originalPath string
+		expectedPath string
+	}{
+		{`C:\Foo`, "/mnt/c/Foo"},
+		{`C:\Foo`, "/mnt/c/Foo"},
+		{`\\?\C:\Foo`, "/mnt/c/Foo"},
+		{`/c/bar`, "/mnt/c/bar"},
+		{`/c/bar`, "/mnt/c/bar"},
+		{`/mnt/c/bar`, "/mnt/c/bar"},
+		{`/test/this`, "/test/this"},
+		{`c:/bar/something`, "/mnt/c/bar/something"},
+		{`c`, cwd_wsl + "/c"},
+		{`\\computer\loc`, `\\computer\loc`},
+		{`\\.\drive\loc`, "/mnt/wsl/drive/loc"},
+	}
+
+	f := func(secopt string) (*specgen.SpecGenerator, error) {
+		sg := specgen.NewSpecGenerator("nothing", false)
+		err := FillOutSpecGen(sg, &entities.ContainerCreateOptions{
+			SecurityOpt: []string{secopt}}, []string{},
+		)
+		return sg, err
+	}
+
+	for _, test := range tests {
+		t.Run(test.originalPath, func(t *testing.T) {
+			msg := "Checking: " + test.originalPath
+			sg, err := f("seccomp=" + test.originalPath)
+			assert.NoError(t, err, msg)
+			assert.Equal(t, test.expectedPath, sg.SeccompProfilePath, msg)
+		})
+	}
+}