Set default seccomp.json file for podman play kube
Currently podman play kube is not using the system default seccomp.json file.
This PR will use the default or override location for podman play.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan authored and nalind committed Oct 29, 2019
1 parent 248bb61 commit 66c126d
Showing 3 changed files with 26 additions and 13 deletions.
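--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -251,19 +251,10 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *l
 }
 
 if config.SeccompProfilePath == "" {
-if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
-config.SeccompProfilePath = libpod.SeccompOverridePath
-} else {
-if !os.IsNotExist(err) {
-return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
-}
-if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
-if !os.IsNotExist(err) {
-return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
-}
-} else {
-config.SeccompProfilePath = libpod.SeccompDefaultPath
-}
+var err error
+config.SeccompProfilePath, err = libpod.DefaultSeccompPath()
+if err != nil {
+return err
 }
 }
 config.LabelOpts = labelOpts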
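Review bot: The guard `if config.SeccompProfilePath == ""` is the only line in this hunk that encodes the precedence between an already-selected seccomp profile and the system files, and it has no comment. I would add above it `// An explicitly configured seccomp profile wins; otherwise fall back to the override file, then the default file (path stays empty if neither exists).` The empty-path case is worth spelling out because DefaultSeccompPath returns `""` with a nil error there, and what the runtime does with an empty profile path is not visible on this page. parseSecurityOpt starts and ends outside the hunk.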
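--- a/libpod/util.go
+++ b/libpod/util.go
@@ -189,3 +189,20 @@ func programVersion(mountProgram string) (string, error) {
 }
 return strings.TrimSuffix(output, "\n"), nil
 }
+
+func DefaultSeccompPath() (string, error) {
+_, err := os.Stat(SeccompOverridePath)
+if err == nil {
+return SeccompOverridePath, nil
+}
+if !os.IsNotExist(err) {
+return "", errors.Wrapf(err, "can't check if %q exists", SeccompOverridePath)
+}
+if _, err := os.Stat(SeccompDefaultPath); err != nil {
+if !os.IsNotExist(err) {
+return "", errors.Wrapf(err, "can't check if %q exists", SeccompDefaultPath)
+}
+return "", nil
+}
+return SeccompDefaultPath, nil
+}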
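Review bot: The exported `DefaultSeccompPath` has no doc comment, and its contract has a case callers need to know: when neither file exists it returns `""` with a nil error. Suggested comment: `// DefaultSeccompPath returns SeccompOverridePath if it exists, otherwise SeccompDefaultPath if it exists, otherwise "" and a nil error; any other stat failure is returned.` The existence test is `os.Stat` only, so a directory or an unreadable file at either path is accepted here and would presumably fail only when the profile is loaded later, outside this section. Because the override silently takes precedence, it may also be worth noting in the comment that the override path decides which syscall filter every container gets.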
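--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -713,6 +713,11 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 }
 }
 }
+var err error
+containerConfig.SeccompProfilePath, err = libpod.DefaultSeccompPath()
+if err != nil {
+return nil, err
+}
 
 containerConfig.Command = []string{}
 if imageData != nil && imageData.Config != nil {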
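Review bot: The assignment to `containerConfig.SeccompProfilePath` is unconditional, whereas the matching call in cmd/podman/shared/create.go runs only under `if config.SeccompProfilePath == ""`. If anything earlier in kubeContainerToCreateConfig sets a profile path from the pod spec, now or in a later change, it would be silently replaced by the system file; that part of the function is outside this hunk, so I cannot confirm whether it happens today. Wrapping the added lines in `if containerConfig.SeccompProfilePath == "" { ... }` keeps both callers on the same precedence rule. The function starts and ends outside the hunk.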
