diff options
| author | Brent Baude <bbaude@redhat.com> | 2020-04-14 14:13:06 -0500 |
|---|---|---|
| committer | Brent Baude <bbaude@redhat.com> | 2020-04-14 20:02:20 -0500 |
| commit | 714718794236245e81d4552f30731157d731aa9d (patch) | |
| tree | 041417f9fdc6a788aa57d069e2d472102ec09325 /pkg/specgen/config_linux_cgo.go | |
| parent | 0d01f09bf4103538a6011019b690e5aa11c377db (diff) | |
| download | podman-714718794236245e81d4552f30731157d731aa9d.tar.gz podman-714718794236245e81d4552f30731157d731aa9d.tar.bz2 podman-714718794236245e81d4552f30731157d731aa9d.zip | |
v2specgen prune libpod
use libpod only in the specgen/generate package so that the remote clients do not inherit libpod bloat.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Diffstat (limited to 'pkg/specgen/config_linux_cgo.go')
| -rw-r--r-- | pkg/specgen/config_linux_cgo.go | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/pkg/specgen/config_linux_cgo.go b/pkg/specgen/config_linux_cgo.go deleted file mode 100644 index ef6c6e951..000000000 --- a/pkg/specgen/config_linux_cgo.go +++ /dev/null @@ -1,61 +0,0 @@ -// +build linux,cgo - -package specgen - -import ( - "context" - "io/ioutil" - - "github.com/containers/libpod/libpod/image" - "github.com/containers/libpod/pkg/seccomp" - spec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - goSeccomp "github.com/seccomp/containers-golang" - "github.com/sirupsen/logrus" -) - -func (s *SpecGenerator) getSeccompConfig(configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) { - var seccompConfig *spec.LinuxSeccomp - var err error - scp, err := seccomp.LookupPolicy(s.SeccompPolicy) - if err != nil { - return nil, err - } - - if scp == seccomp.PolicyImage { - labels, err := img.Labels(context.Background()) - if err != nil { - return nil, err - } - imagePolicy := labels[seccomp.ContainerImageLabel] - if len(imagePolicy) < 1 { - return nil, errors.New("no seccomp policy defined by image") - } - logrus.Debug("Loading seccomp profile from the security config") - seccompConfig, err = goSeccomp.LoadProfile(imagePolicy, configSpec) - if err != nil { - return nil, errors.Wrap(err, "loading seccomp profile failed") - } - return seccompConfig, nil - } - - if s.SeccompProfilePath != "" { - logrus.Debugf("Loading seccomp profile from %q", s.SeccompProfilePath) - seccompProfile, err := ioutil.ReadFile(s.SeccompProfilePath) - if err != nil { - return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", s.SeccompProfilePath) - } - seccompConfig, err = goSeccomp.LoadProfile(string(seccompProfile), configSpec) - if err != nil { - return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath) - } - } else { - logrus.Debug("Loading default seccomp profile") - seccompConfig, err = goSeccomp.GetDefaultProfile(configSpec) - if err != nil { - return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath) - } - } - - return seccompConfig, nil -} |