opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-30 18:18:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ad1ab71b8c81fcb42f76f50514b82c50520ad6b2
podman/vendor/github.com/containers/buildah/seccomp.go
Aditya R 987c8e3a78 vendor: bump to buildah ca578b290144 and use new cache API 
Bump to buildah ca578b290144 and use new `cacheTo` and `cacheFrom` API.

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: Aditya R <arajan@redhat.com>
2022-12-20 17:13:59 +05:30

37 lines
927 B
Go
Raw Blame History

//go:build seccomp && linux
// +build seccomp,linux
package buildah
import (
"fmt"
"os"
"github.com/containers/common/pkg/seccomp"
"github.com/opencontainers/runtime-spec/specs-go"
)
func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
switch seccompProfilePath {
case "unconfined":
spec.Linux.Seccomp = nil
case "":
seccompConfig, err := seccomp.GetDefaultProfile(spec)
if err != nil {
return fmt.Errorf("loading default seccomp profile failed: %w", err)
}
spec.Linux.Seccomp = seccompConfig
default:
seccompProfile, err := os.ReadFile(seccompProfilePath)
if err != nil {
return fmt.Errorf("opening seccomp profile failed: %w", err)
}
seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), spec)
if err != nil {
return fmt.Errorf("loading seccomp profile (%s) failed: %w", seccompProfilePath, err)
}
spec.Linux.Seccomp = seccompConfig
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink