diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2020-02-12 16:59:00 +0100 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2020-02-12 17:10:18 +0100 |
commit | 65d10ffab338ab0142e6595a646dab42f64af7d2 (patch) | |
tree | 8d3ceed8ea268c909c886fcc8c7b6c2473634d71 /cmd/podman | |
parent | 62e20b6cd8bd62d3e0e79b19db9c837828ef8d96 (diff) | |
download | podman-65d10ffab338ab0142e6595a646dab42f64af7d2.tar.gz podman-65d10ffab338ab0142e6595a646dab42f64af7d2.tar.bz2 podman-65d10ffab338ab0142e6595a646dab42f64af7d2.zip |
add pkg/seccomp
Add pkg/seccomp to consolidate all seccomp-policy related code which is
currently scattered across multiple packages and complicating the
creatconfig refactoring.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/shared/create.go | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 3062b0ca3..e3a39a421 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -22,6 +22,7 @@ import ( "github.com/containers/libpod/pkg/inspect" ns "github.com/containers/libpod/pkg/namespaces" "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/seccomp" cc "github.com/containers/libpod/pkg/spec" "github.com/containers/libpod/pkg/util" "github.com/docker/go-connections/nat" @@ -31,10 +32,6 @@ import ( "github.com/sirupsen/logrus" ) -// seccompLabelKey is the key of the image annotation embedding a seccomp -// profile. -const seccompLabelKey = "io.containers.seccomp.profile" - func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { var ( healthCheck *manifest.Schema2HealthConfig @@ -713,11 +710,11 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. // SECCOMP if data != nil { - if value, exists := labels[seccompLabelKey]; exists { + if value, exists := labels[seccomp.ContainerImageLabel]; exists { secConfig.SeccompProfileFromImage = value } } - if policy, err := cc.LookupSeccompPolicy(c.String("seccomp-policy")); err != nil { + if policy, err := seccomp.LookupPolicy(c.String("seccomp-policy")); err != nil { return nil, err } else { secConfig.SeccompPolicy = policy |