seccomp policy: expect profile in config label

Move the seccomp profile from a manifest annotation to a config label.
This way, we can support it for Docker images as well and provide an
easy way to add that data via Dockerfiles.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 15d6bddbb..2f637694b 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -31,9 +31,9 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// seccompAnnotationKey is the key of the image annotation embedding a seccomp
+// seccompLabelKey is the key of the image annotation embedding a seccomp
 // profile.
-const seccompAnnotationKey = "io.containers.seccomp.profile"
+const seccompLabelKey = "io.containers.seccomp.profile"
 
 func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) {
 	var (
@@ -709,7 +709,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 
 	// SECCOMP
 	if data != nil {
-		if value, exists := data.Annotations[seccompAnnotationKey]; exists {
+		if value, exists := labels[seccompLabelKey]; exists {
 			secConfig.SeccompProfileFromImage = value
 		}
 	}