diff options
| -rw-r--r-- | cmd/podman/shared/create.go | 17 | ||||
| -rw-r--r-- | libpod/util.go | 17 | ||||
| -rw-r--r-- | pkg/adapter/pods.go | 5 |
3 files changed, 26 insertions, 13 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 759903c19..dc343e694 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l } if config.SeccompProfilePath == "" { - if _, err := os.Stat(libpod.SeccompOverridePath); err == nil { - config.SeccompProfilePath = libpod.SeccompOverridePath - } else { - if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath) - } - if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil { - if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath) - } - } else { - config.SeccompProfilePath = libpod.SeccompDefaultPath - } + var err error + config.SeccompProfilePath, err = libpod.DefaultSeccompPath() + if err != nil { + return err } } config.LabelOpts = labelOpts diff --git a/libpod/util.go b/libpod/util.go index 84fd490bf..5ae5ab491 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) { } return strings.TrimSuffix(output, "\n"), nil } + +func DefaultSeccompPath() (string, error) { + _, err := os.Stat(SeccompOverridePath) + if err == nil { + return SeccompOverridePath, nil + } + if !os.IsNotExist(err) { + return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath) + } + if _, err := os.Stat(SeccompDefaultPath); err != nil { + if !os.IsNotExist(err) { + return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath) + } + return "", nil + } + return SeccompDefaultPath, nil +} diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index 9be294929..d8d5b884f 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container } } } + var err error + containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath() + if err != nil { + return nil, err + } containerConfig.Command = []string{} if imageData != nil && imageData.Config != nil { |