Diffstat (limited to 'vendor/github.com/projectatomic/buildah/seccomp.go')
-rw-r--r-- | vendor/github.com/projectatomic/buildah/seccomp.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/vendor/github.com/projectatomic/buildah/seccomp.go b/vendor/github.com/projectatomic/buildah/seccomp.go
new file mode 100644
index 000000000..a435b5f71
--- /dev/null
+++ b/vendor/github.com/projectatomic/buildah/seccomp.go
@@ -0,0 +1,35 @@
+// +build seccomp,linux
+
+package buildah
+
+import (
+ "io/ioutil"
+
+ "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/pkg/errors"
+ seccomp "github.com/seccomp/containers-golang"
+)
+
+func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
+ switch seccompProfilePath {
+ case "unconfined":
+ spec.Linux.Seccomp = nil
+ case "":
+ seccompConfig, err := seccomp.GetDefaultProfile(spec)
+ if err != nil {
+ return errors.Wrapf(err, "loading default seccomp profile failed")
+ }
+ spec.Linux.Seccomp = seccompConfig
+ default:
+ seccompProfile, err := ioutil.ReadFile(seccompProfilePath)
+ if err != nil {
+ return errors.Wrapf(err, "opening seccomp profile (%s) failed", seccompProfilePath)
+ }
+ seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), spec)
+ if err != nil {
+ return errors.Wrapf(err, "loading seccomp profile (%s) failed", seccompProfilePath)
+ }
+ spec.Linux.Seccomp = seccompConfig
+ }
+ return nil
+}
|