diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2019-10-29 13:33:44 -0400 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@redhat.com> | 2019-10-29 13:43:45 -0400 |
| commit | 66c126d6dee178f96f8a120f13372802d46ea9b5 (patch) | |
| tree | 14bbd3c7fd16993234d482caa1f8b78e4954a106 | |
| parent | 248bb61b14a3f0d4e1d244eff85b30f48554a6a8 (diff) | |
| download | podman-66c126d6dee178f96f8a120f13372802d46ea9b5.tar.gz podman-66c126d6dee178f96f8a120f13372802d46ea9b5.tar.bz2 podman-66c126d6dee178f96f8a120f13372802d46ea9b5.zip | |
Set default seccomp.json file for podman play kube
Currently podman play kube is not using the system default seccomp.json file.
This PR will use the default or override location for podman play.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| -rw-r--r-- | cmd/podman/shared/create.go | 17 | ||||
| -rw-r--r-- | libpod/util.go | 17 | ||||
| -rw-r--r-- | pkg/adapter/pods.go | 5 |
3 files changed, 26 insertions, 13 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 759903c19..dc343e694 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l } if config.SeccompProfilePath == "" { - if _, err := os.Stat(libpod.SeccompOverridePath); err == nil { - config.SeccompProfilePath = libpod.SeccompOverridePath - } else { - if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath) - } - if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil { - if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath) - } - } else { - config.SeccompProfilePath = libpod.SeccompDefaultPath - } + var err error + config.SeccompProfilePath, err = libpod.DefaultSeccompPath() + if err != nil { + return err } } config.LabelOpts = labelOpts diff --git a/libpod/util.go b/libpod/util.go index 84fd490bf..5ae5ab491 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) { } return strings.TrimSuffix(output, "\n"), nil } + +func DefaultSeccompPath() (string, error) { + _, err := os.Stat(SeccompOverridePath) + if err == nil { + return SeccompOverridePath, nil + } + if !os.IsNotExist(err) { + return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath) + } + if _, err := os.Stat(SeccompDefaultPath); err != nil { + if !os.IsNotExist(err) { + return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath) + } + return "", nil + } + return SeccompDefaultPath, nil +} diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index 9be294929..d8d5b884f 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container } } } + var err error + containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath() + if err != nil { + return nil, err + } containerConfig.Command = []string{} if imageData != nil && imageData.Config != nil { |