aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman/create.go
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2018-01-17 11:03:07 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-01-18 12:26:43 +0000
commit0d69ca6637b30a3370529b3e272f27f6fafdb0c3 (patch)
treed6a69ad97b497eb5304c3a5b516a6056f4c85460 /cmd/podman/create.go
parent0befd8dafd116ea5f231f5b360b500be08c39297 (diff)
downloadpodman-0d69ca6637b30a3370529b3e272f27f6fafdb0c3.tar.gz
podman-0d69ca6637b30a3370529b3e272f27f6fafdb0c3.tar.bz2
podman-0d69ca6637b30a3370529b3e272f27f6fafdb0c3.zip
Fix seccomp support
If user does not specify seccomp file or seccomp file does not exist, then use the default seccomp settings. Still need to not hard code /etc/crio/seccomp.json, should move this to /usr/share/seccomp/seccomp.json Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #233 Approved by: baude
Diffstat (limited to 'cmd/podman/create.go')
-rw-r--r--cmd/podman/create.go17
1 files changed, 11 insertions, 6 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 7ee364fab..262be129c 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -218,8 +218,6 @@ func createCmd(c *cli.Context) error {
return nil
}
-const seccompDefaultPath = "/etc/crio/seccomp.json"
-
func parseSecurityOpt(config *createConfig, securityOpts []string) error {
var (
labelOpts []string
@@ -269,12 +267,19 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error {
}
if config.SeccompProfilePath == "" {
- if _, err := os.Stat(seccompDefaultPath); err != nil {
+ if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
+ config.SeccompProfilePath = libpod.SeccompOverridePath
+ } else {
if !os.IsNotExist(err) {
- return errors.Wrapf(err, "can't check if %q exists", seccompDefaultPath)
+ return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
+ }
+ if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
+ if !os.IsNotExist(err) {
+ return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
+ }
+ } else {
+ config.SeccompProfilePath = libpod.SeccompDefaultPath
}
- } else {
- config.SeccompProfilePath = seccompDefaultPath
}
}
config.ProcessLabel, config.MountLabel, err = label.InitLabels(labelOpts)