mirror of
https://github.com/containers/podman.git
synced 2025-05-20 08:36:23 +08:00
8489dc4345
With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
66 lines
2.0 KiB
Go
66 lines
2.0 KiB
Go
// +build linux,cgo
|
|
|
|
package generate
|
|
|
|
import (
|
|
"context"
|
|
"io/ioutil"
|
|
|
|
"github.com/containers/libpod/v2/libpod/image"
|
|
"github.com/containers/libpod/v2/pkg/seccomp"
|
|
"github.com/containers/libpod/v2/pkg/specgen"
|
|
spec "github.com/opencontainers/runtime-spec/specs-go"
|
|
"github.com/pkg/errors"
|
|
goSeccomp "github.com/seccomp/containers-golang"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) {
|
|
var seccompConfig *spec.LinuxSeccomp
|
|
var err error
|
|
scp, err := seccomp.LookupPolicy(s.SeccompPolicy)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if scp == seccomp.PolicyImage {
|
|
if img == nil {
|
|
return nil, errors.New("cannot read seccomp profile without a valid image")
|
|
}
|
|
labels, err := img.Labels(context.Background())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
imagePolicy := labels[seccomp.ContainerImageLabel]
|
|
if len(imagePolicy) < 1 {
|
|
return nil, errors.New("no seccomp policy defined by image")
|
|
}
|
|
logrus.Debug("Loading seccomp profile from the security config")
|
|
seccompConfig, err = goSeccomp.LoadProfile(imagePolicy, configSpec)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "loading seccomp profile failed")
|
|
}
|
|
return seccompConfig, nil
|
|
}
|
|
|
|
if s.SeccompProfilePath != "" {
|
|
logrus.Debugf("Loading seccomp profile from %q", s.SeccompProfilePath)
|
|
seccompProfile, err := ioutil.ReadFile(s.SeccompProfilePath)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", s.SeccompProfilePath)
|
|
}
|
|
seccompConfig, err = goSeccomp.LoadProfile(string(seccompProfile), configSpec)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath)
|
|
}
|
|
} else {
|
|
logrus.Debug("Loading default seccomp profile")
|
|
seccompConfig, err = goSeccomp.GetDefaultProfile(configSpec)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath)
|
|
}
|
|
}
|
|
|
|
return seccompConfig, nil
|
|
}
|