summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2020-02-12 16:59:00 +0100
committerValentin Rothberg <rothberg@redhat.com>2020-02-12 17:10:18 +0100
commit65d10ffab338ab0142e6595a646dab42f64af7d2 (patch)
tree8d3ceed8ea268c909c886fcc8c7b6c2473634d71 /cmd/podman
parent62e20b6cd8bd62d3e0e79b19db9c837828ef8d96 (diff)
downloadpodman-65d10ffab338ab0142e6595a646dab42f64af7d2.tar.gz
podman-65d10ffab338ab0142e6595a646dab42f64af7d2.tar.bz2
podman-65d10ffab338ab0142e6595a646dab42f64af7d2.zip
add pkg/seccomp
Add pkg/seccomp to consolidate all seccomp-policy related code which is currently scattered across multiple packages and complicating the creatconfig refactoring. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/shared/create.go9
1 files changed, 3 insertions, 6 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 3062b0ca3..e3a39a421 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -22,6 +22,7 @@ import (
"github.com/containers/libpod/pkg/inspect"
ns "github.com/containers/libpod/pkg/namespaces"
"github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/seccomp"
cc "github.com/containers/libpod/pkg/spec"
"github.com/containers/libpod/pkg/util"
"github.com/docker/go-connections/nat"
@@ -31,10 +32,6 @@ import (
"github.com/sirupsen/logrus"
)
-// seccompLabelKey is the key of the image annotation embedding a seccomp
-// profile.
-const seccompLabelKey = "io.containers.seccomp.profile"
-
func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) {
var (
healthCheck *manifest.Schema2HealthConfig
@@ -713,11 +710,11 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
// SECCOMP
if data != nil {
- if value, exists := labels[seccompLabelKey]; exists {
+ if value, exists := labels[seccomp.ContainerImageLabel]; exists {
secConfig.SeccompProfileFromImage = value
}
}
- if policy, err := cc.LookupSeccompPolicy(c.String("seccomp-policy")); err != nil {
+ if policy, err := seccomp.LookupPolicy(c.String("seccomp-policy")); err != nil {
return nil, err
} else {
secConfig.SeccompPolicy = policy