summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/security.go
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-08-21 12:58:55 +0200
committerGitHub <noreply@github.com>2020-08-21 12:58:55 +0200
commit11372c4c4d75d731f346c6be06e41bfe9600ce81 (patch)
tree79a8f85f2f8ac32613ce86db3601b355595cf852 /pkg/specgen/generate/security.go
parent84180d99bc808795a1f91747436a42745ddececb (diff)
parent7fc3c25410bd5ee053473ffd5df2209f41840ec0 (diff)
downloadpodman-11372c4c4d75d731f346c6be06e41bfe9600ce81.tar.gz
podman-11372c4c4d75d731f346c6be06e41bfe9600ce81.tar.bz2
podman-11372c4c4d75d731f346c6be06e41bfe9600ce81.zip
Merge pull request #7363 from mheon/lets_try_this_again
Lets try this again: v2.0.5 backports, round 2
Diffstat (limited to 'pkg/specgen/generate/security.go')
-rw-r--r--pkg/specgen/generate/security.go5
1 files changed, 3 insertions, 2 deletions
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index fcd1622f9..840dcb72d 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -158,8 +158,9 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
configSpec.Linux.Seccomp = seccompConfig
}
- // Clear default Seccomp profile from Generator for privileged containers
- if s.SeccompProfilePath == "unconfined" || s.Privileged {
+ // Clear default Seccomp profile from Generator for unconfined containers
+ // and privileged containers which do not specify a seccomp profile.
+ if s.SeccompProfilePath == "unconfined" || (s.Privileged && (s.SeccompProfilePath == config.SeccompOverridePath || s.SeccompProfilePath == config.SeccompDefaultPath)) {
configSpec.Linux.Seccomp = nil
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-02-28 23:32:22 +0000