summaryrefslogtreecommitdiff
path: root/libpod/util.go
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-04-28 15:40:30 -0400
committerGitHub <noreply@github.com>2021-04-28 15:40:30 -0400
commitdb67fedcbd1fcaf06d0d6655face5182ccd0cc87 (patch)
treef3bd173fc406903531cd451b3155720194fa2272 /libpod/util.go
parent928dce57dfb11c110801547b9852aa4f87e37bb4 (diff)
parent18cb17ffeb33195879730b2bc83e1a2c82310e6a (diff)
downloadpodman-db67fedcbd1fcaf06d0d6655face5182ccd0cc87.tar.gz
podman-db67fedcbd1fcaf06d0d6655face5182ccd0cc87.tar.bz2
podman-db67fedcbd1fcaf06d0d6655face5182ccd0cc87.zip
Merge pull request #10155 from pablofsf/fix-default-seccomp
Use seccomp_profile as default profile if defined in containers.conf
Diffstat (limited to 'libpod/util.go')
-rw-r--r--libpod/util.go10
1 files changed, 9 insertions, 1 deletions
diff --git a/libpod/util.go b/libpod/util.go
index b75c9179a..7f4a01f28 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -194,7 +194,15 @@ func programVersion(mountProgram string) (string, error) {
// if it exists, first it checks OverrideSeccomp and then default.
// If neither exist function returns ""
func DefaultSeccompPath() (string, error) {
- _, err := os.Stat(config.SeccompOverridePath)
+ def, err := config.Default()
+ if err != nil {
+ return "", err
+ }
+ if def.Containers.SeccompProfile != "" {
+ return def.Containers.SeccompProfile, nil
+ }
+
+ _, err = os.Stat(config.SeccompOverridePath)
if err == nil {
return config.SeccompOverridePath, nil
}