mirror of
				https://github.com/containers/podman.git
				synced 2025-10-27 03:06:22 +08:00 
			
		
		
		
	 4878dff3e2
			
		
	
	4878dff3e2
	
	
	
		
			
			In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
		
			
				
	
	
		
			66 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			66 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // +build linux,cgo
 | |
| 
 | |
| package generate
 | |
| 
 | |
| import (
 | |
| 	"context"
 | |
| 	"io/ioutil"
 | |
| 
 | |
| 	goSeccomp "github.com/containers/common/pkg/seccomp"
 | |
| 	"github.com/containers/podman/v2/libpod/image"
 | |
| 	"github.com/containers/podman/v2/pkg/seccomp"
 | |
| 	"github.com/containers/podman/v2/pkg/specgen"
 | |
| 	spec "github.com/opencontainers/runtime-spec/specs-go"
 | |
| 	"github.com/pkg/errors"
 | |
| 	"github.com/sirupsen/logrus"
 | |
| )
 | |
| 
 | |
| func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) {
 | |
| 	var seccompConfig *spec.LinuxSeccomp
 | |
| 	var err error
 | |
| 	scp, err := seccomp.LookupPolicy(s.SeccompPolicy)
 | |
| 	if err != nil {
 | |
| 		return nil, err
 | |
| 	}
 | |
| 
 | |
| 	if scp == seccomp.PolicyImage {
 | |
| 		if img == nil {
 | |
| 			return nil, errors.New("cannot read seccomp profile without a valid image")
 | |
| 		}
 | |
| 		labels, err := img.Labels(context.Background())
 | |
| 		if err != nil {
 | |
| 			return nil, err
 | |
| 		}
 | |
| 		imagePolicy := labels[seccomp.ContainerImageLabel]
 | |
| 		if len(imagePolicy) < 1 {
 | |
| 			return nil, errors.New("no seccomp policy defined by image")
 | |
| 		}
 | |
| 		logrus.Debug("Loading seccomp profile from the security config")
 | |
| 		seccompConfig, err = goSeccomp.LoadProfile(imagePolicy, configSpec)
 | |
| 		if err != nil {
 | |
| 			return nil, errors.Wrap(err, "loading seccomp profile failed")
 | |
| 		}
 | |
| 		return seccompConfig, nil
 | |
| 	}
 | |
| 
 | |
| 	if s.SeccompProfilePath != "" {
 | |
| 		logrus.Debugf("Loading seccomp profile from %q", s.SeccompProfilePath)
 | |
| 		seccompProfile, err := ioutil.ReadFile(s.SeccompProfilePath)
 | |
| 		if err != nil {
 | |
| 			return nil, errors.Wrap(err, "opening seccomp profile failed")
 | |
| 		}
 | |
| 		seccompConfig, err = goSeccomp.LoadProfile(string(seccompProfile), configSpec)
 | |
| 		if err != nil {
 | |
| 			return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath)
 | |
| 		}
 | |
| 	} else {
 | |
| 		logrus.Debug("Loading default seccomp profile")
 | |
| 		seccompConfig, err = goSeccomp.GetDefaultProfile(configSpec)
 | |
| 		if err != nil {
 | |
| 			return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath)
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	return seccompConfig, nil
 | |
| }
 |