diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2020-01-23 10:04:18 +0100 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2020-01-23 10:06:43 +0100 |
commit | 1531509542194bf7800621b4b7a6071f53961dab (patch) | |
tree | 35427fbd19858ab4f28cd8a56ee13bacaa14757d /cmd/podman/shared/create.go | |
parent | ac3a6b80b0ccd2f9592110811ccf6fd844110b9e (diff) | |
download | podman-1531509542194bf7800621b4b7a6071f53961dab.tar.gz podman-1531509542194bf7800621b4b7a6071f53961dab.tar.bz2 podman-1531509542194bf7800621b4b7a6071f53961dab.zip |
seccomp policy: expect profile in config label
Move the seccomp profile from a manifest annotation to a config label.
This way, we can support it for Docker images as well and provide an
easy way to add that data via Dockerfiles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'cmd/podman/shared/create.go')
-rw-r--r-- | cmd/podman/shared/create.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 15d6bddbb..2f637694b 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -31,9 +31,9 @@ import ( "github.com/sirupsen/logrus" ) -// seccompAnnotationKey is the key of the image annotation embedding a seccomp +// seccompLabelKey is the key of the image annotation embedding a seccomp // profile. -const seccompAnnotationKey = "io.containers.seccomp.profile" +const seccompLabelKey = "io.containers.seccomp.profile" func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { var ( @@ -709,7 +709,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. // SECCOMP if data != nil { - if value, exists := data.Annotations[seccompAnnotationKey]; exists { + if value, exists := labels[seccompLabelKey]; exists { secConfig.SeccompProfileFromImage = value } } |