opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-28 17:18:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

pkg/specgen/generate/kube: nolint and FIXMEs for seccomp deprecations

Browse Source 
Ref: https://github.com/containers/podman/issues/27501

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This commit is contained in:
Lokesh Mandvekar
2025-11-11 10:14:08 -05:00
parent 96aba07d95
commit f47f74cad6
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/specgen/generate/kube/seccomp.go
View File

@@ -37,7 +37,8 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
for annKeyValue, seccomp := range annotations {
// check if it is prefaced with container.seccomp.security.alpha.kubernetes.io/
prefixAndCtr := strings.Split(annKeyValue, "/")
if prefixAndCtr[0]+"/" != v1.SeccompContainerAnnotationKeyPrefix {
// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
if prefixAndCtr[0]+"/" != v1.SeccompContainerAnnotationKeyPrefix { //nolint:staticcheck
continue
} else if len(prefixAndCtr) != 2 {
// this could be caused by a user inputting either of
@@ -52,8 +53,8 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
}
seccompPaths.containerPaths[prefixAndCtr[1]] = path
}
podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey]
// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
podSeccomp, ok := annotations[v1.SeccompPodAnnotationKey] //nolint:staticcheck
if ok {
seccompPaths.podPath, err = verifySeccompPath(podSeccomp, profileRoot)
} else {
@@ -70,9 +71,11 @@ func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (
// the available options are parsed as defined in https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
func verifySeccompPath(path string, profileRoot string) (string, error) {
switch path {
case v1.DeprecatedSeccompProfileDockerDefault:
// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
case v1.DeprecatedSeccompProfileDockerDefault: //nolint:staticcheck
fallthrough
case v1.SeccompProfileRuntimeDefault:
// FIXME: Rework for deprecation removal https://github.com/containers/podman/issues/27501
case v1.SeccompProfileRuntimeDefault: //nolint:staticcheck
return libpod.DefaultSeccompPath()
case "unconfined":
return path, nil