1//go:build seccomp && linux
2// +build seccomp,linux
3
4package buildah
5
6import (
7"fmt"
8"os"
9
10"github.com/containers/common/pkg/seccomp"
11"github.com/opencontainers/runtime-spec/specs-go"
12)
13
// setupSeccomp fills in spec.Linux.Seccomp according to seccompProfilePath.
//
// The argument is interpreted in three ways:
//   - "unconfined": spec.Linux.Seccomp is set to nil, so the generated spec
//     carries no seccomp section at all. This is an explicit opt-out of
//     syscall filtering and should be treated as such when reviewing callers.
//   - "" (empty): the profile returned by seccomp.GetDefaultProfile is used.
//   - anything else: the value is treated as a file path, read in full with
//     os.ReadFile and handed to seccomp.LoadProfile for parsing.
//
// Any failure to obtain or parse a profile is returned wrapped with %w and
// spec.Linux.Seccomp is left as it was; the function never falls back to
// "unconfined" on error.
//
// NOTE(review): spec.Linux is dereferenced without a nil check, and the path
// is read as given (no size or location restrictions here) — callers are
// presumably expected to pass a populated spec and a path they trust; confirm
// at the call sites.
func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
	// Explicit opt-out: drop any seccomp configuration from the spec.
	if seccompProfilePath == "unconfined" {
		spec.Linux.Seccomp = nil
		return nil
	}

	// No profile requested: use the library's default profile for this spec.
	if seccompProfilePath == "" {
		defaultProfile, err := seccomp.GetDefaultProfile(spec)
		if err != nil {
			return fmt.Errorf("loading default seccomp profile failed: %w", err)
		}
		spec.Linux.Seccomp = defaultProfile
		return nil
	}

	// Custom profile: read the file, then let the seccomp package parse it.
	rawProfile, err := os.ReadFile(seccompProfilePath)
	if err != nil {
		return fmt.Errorf("opening seccomp profile failed: %w", err)
	}
	customProfile, err := seccomp.LoadProfile(string(rawProfile), spec)
	if err != nil {
		return fmt.Errorf("loading seccomp profile (%s) failed: %w", seccompProfilePath, err)
	}
	spec.Linux.Seccomp = customProfile
	return nil
}
37