opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-29 01:28:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

pkg/specgen/generate/kube: nolint and FIXMEs for seccomp deprecations

Browse Source 
Ref: https://github.com/containers/podman/issues/27501

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This commit is contained in:
Lokesh Mandvekar
2025-11-11 10:14:08 -05:00
parent 96aba07d95
commit f47f74cad6
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/specgen/generate/kube/seccomp.go
View File

@@ -37,7 +37,8 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
for annKeyValue, seccomp := range annotations { for annKeyValue, seccomp := range annotations {
// check if it is prefaced with container.seccomp.security.alpha.kubernetes.io/ // check if it is prefaced with container.seccomp.security.alpha.kubernetes.io/
prefixAndCtr := strings.Split(annKeyValue, "/") prefixAndCtr := strings.Split(annKeyValue, "/")
if prefixAndCtr[0]+"/" != v1.SeccompContainerAnnotationKeyPrefix { // FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
if prefixAndCtr[0]+"/" != v1.SeccompContainerAnnotationKeyPrefix { //nolint:staticcheck
continue continue
} else if len(prefixAndCtr) != 2 { } else if len(prefixAndCtr) != 2 {
// this could be caused by a user inputting either of // this could be caused by a user inputting either of
@@ -52,8 +53,8 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
} }
seccompPaths.containerPaths[prefixAndCtr[1]] = path seccompPaths.containerPaths[prefixAndCtr[1]] = path
} }
// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey] podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey] //nolint:staticcheck
if ok { if ok {
seccompPaths.podPath, err = verifySeccompPath(podSeccomp, profileRoot) seccompPaths.podPath, err = verifySeccompPath(podSeccomp, profileRoot)
} else { } else {
@@ -70,9 +71,11 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
// the available options are parsed as defined in https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp // the available options are parsed as defined in https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
func verifySeccompPath(path string, profileRoot string) (string, error) { func verifySeccompPath(path string, profileRoot string) (string, error) {
switch path { switch path {
case v1.DeprecatedSeccompProfileDockerDefault: // FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
case v1.DeprecatedSeccompProfileDockerDefault: //nolint:staticcheck
fallthrough fallthrough
case v1.SeccompProfileRuntimeDefault: // FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
case v1.SeccompProfileRuntimeDefault: //nolint:staticcheck
return libpod.DefaultSeccompPath() return libpod.DefaultSeccompPath()
case "unconfined": case "unconfined":
return path, nil return path, nil