Fix seccomp support

If user does not specify seccomp file or seccomp file does not exist,
then use the default seccomp settings.

Still need to not hard code /etc/crio/seccomp.json, should move this to
/usr/share/seccomp/seccomp.json

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #233
Approved by: baude

1 files changed, 11 insertions, 6 deletions

diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 7ee364fab..262be129c 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -218,8 +218,6 @@ func createCmd(c *cli.Context) error {
 	return nil
 }
 
-const seccompDefaultPath = "/etc/crio/seccomp.json"
-
 func parseSecurityOpt(config *createConfig, securityOpts []string) error {
 	var (
 		labelOpts []string
@@ -269,12 +267,19 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error {
 	}
 
 	if config.SeccompProfilePath == "" {
-		if _, err := os.Stat(seccompDefaultPath); err != nil {
+		if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
+			config.SeccompProfilePath = libpod.SeccompOverridePath
+		} else {
 			if !os.IsNotExist(err) {
-				return errors.Wrapf(err, "can't check if %q exists", seccompDefaultPath)
+				return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
+			}
+			if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
+				if !os.IsNotExist(err) {
+					return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
+				}
+			} else {
+				config.SeccompProfilePath = libpod.SeccompDefaultPath
 			}
-		} else {
-			config.SeccompProfilePath = seccompDefaultPath
 		}
 	}
 	config.ProcessLabel, config.MountLabel, err = label.InitLabels(labelOpts)