use layer cache when building images

to more closely mimic docker default behavior, the --layers
cli option is set to true by default for podman.  the buildah
environment variable of BUILDAH_LAYERS is still honored and will
override the command line input.

this should be considered in place of PR #1383.

Many thanks for Scott McCarty for inspiring this welcome change.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #1422
Approved by: rhatdan

1 files changed, 35 insertions, 0 deletions

diff --git a/vendor/github.com/projectatomic/buildah/seccomp.go b/vendor/github.com/projectatomic/buildah/seccomp.go
new file mode 100644
index 000000000..a435b5f71
--- /dev/null
+++ b/vendor/github.com/projectatomic/buildah/seccomp.go
@@ -0,0 +1,35 @@
+// +build seccomp,linux
+
+package buildah
+
+import (
+	"io/ioutil"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	seccomp "github.com/seccomp/containers-golang"
+)
+
+func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
+	switch seccompProfilePath {
+	case "unconfined":
+		spec.Linux.Seccomp = nil
+	case "":
+		seccompConfig, err := seccomp.GetDefaultProfile(spec)
+		if err != nil {
+			return errors.Wrapf(err, "loading default seccomp profile failed")
+		}
+		spec.Linux.Seccomp = seccompConfig
+	default:
+		seccompProfile, err := ioutil.ReadFile(seccompProfilePath)
+		if err != nil {
+			return errors.Wrapf(err, "opening seccomp profile (%s) failed", seccompProfilePath)
+		}
+		seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), spec)
+		if err != nil {
+			return errors.Wrapf(err, "loading seccomp profile (%s) failed", seccompProfilePath)
+		}
+		spec.Linux.Seccomp = seccompConfig
+	}
+	return nil
+}