From 66c126d6dee178f96f8a120f13372802d46ea9b5 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 29 Oct 2019 13:33:44 -0400
Subject: Set default seccomp.json file for podman play kube

Currently podman play kube is not using the system default seccomp.json file.
This PR will use the default or override location for podman play.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/podman/shared/create.go | 17 ++++-------------
 libpod/util.go              | 17 +++++++++++++++++
 pkg/adapter/pods.go         |  5 +++++
 3 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 759903c19..dc343e694 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l
 	}
 
 	if config.SeccompProfilePath == "" {
-		if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
-			config.SeccompProfilePath = libpod.SeccompOverridePath
-		} else {
-			if !os.IsNotExist(err) {
-				return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
-			}
-			if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
-				if !os.IsNotExist(err) {
-					return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
-				}
-			} else {
-				config.SeccompProfilePath = libpod.SeccompDefaultPath
-			}
+		var err error
+		config.SeccompProfilePath, err = libpod.DefaultSeccompPath()
+		if err != nil {
+			return err
 		}
 	}
 	config.LabelOpts = labelOpts
diff --git a/libpod/util.go b/libpod/util.go
index 84fd490bf..5ae5ab491 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) {
 	}
 	return strings.TrimSuffix(output, "\n"), nil
 }
+
+func DefaultSeccompPath() (string, error) {
+	_, err := os.Stat(SeccompOverridePath)
+	if err == nil {
+		return SeccompOverridePath, nil
+	}
+	if !os.IsNotExist(err) {
+		return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath)
+	}
+	if _, err := os.Stat(SeccompDefaultPath); err != nil {
+		if !os.IsNotExist(err) {
+			return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath)
+		}
+		return "", nil
+	}
+	return SeccompDefaultPath, nil
+}
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index 9be294929..d8d5b884f 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 			}
 		}
 	}
+	var err error
+	containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath()
+	if err != nil {
+		return nil, err
+	}
 
 	containerConfig.Command = []string{}
 	if imageData != nil && imageData.Config != nil {
-- 
cgit v1.2.3-54-g00ecf