spec: move cgo stuff to their own file

so it can build without cgo since seccomp requires it.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

1 files changed, 34 insertions, 0 deletions

diff --git a/pkg/spec/config_linux_cgo.go b/pkg/spec/config_linux_cgo.go
new file mode 100644
index 000000000..e6e92a7cc
--- /dev/null
+++ b/pkg/spec/config_linux_cgo.go
@@ -0,0 +1,34 @@
+// +build linux,cgo
+
+package createconfig
+
+import (
+	"io/ioutil"
+
+	"github.com/docker/docker/profiles/seccomp"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
+
+func getSeccompConfig(config *CreateConfig, configSpec *spec.Spec) (*spec.LinuxSeccomp, error) {
+	var seccompConfig *spec.LinuxSeccomp
+	var err error
+
+	if config.SeccompProfilePath != "" {
+		seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath)
+		if err != nil {
+			return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath)
+		}
+		seccompConfig, err = seccomp.LoadProfile(string(seccompProfile), configSpec)
+		if err != nil {
+			return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
+		}
+	} else {
+		seccompConfig, err = seccomp.GetDefaultProfile(configSpec)
+		if err != nil {
+			return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
+		}
+	}
+
+	return seccompConfig, nil
+}