podman

1
//go:build seccomp && linux
2
// +build seccomp,linux
3

4
package buildah
5

6
import (
7
	"fmt"
8
	"os"
9

10
	"github.com/containers/common/pkg/seccomp"
11
	"github.com/opencontainers/runtime-spec/specs-go"
12
)
13

14
func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
15
	switch seccompProfilePath {
16
	case "unconfined":
17
		spec.Linux.Seccomp = nil
18
	case "":
19
		seccompConfig, err := seccomp.GetDefaultProfile(spec)
20
		if err != nil {
21
			return fmt.Errorf("loading default seccomp profile failed: %w", err)
22
		}
23
		spec.Linux.Seccomp = seccompConfig
24
	default:
25
		seccompProfile, err := os.ReadFile(seccompProfilePath)
26
		if err != nil {
27
			return fmt.Errorf("opening seccomp profile failed: %w", err)
28
		}
29
		seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), spec)
30
		if err != nil {
31
			return fmt.Errorf("loading seccomp profile (%s) failed: %w", seccompProfilePath, err)
32
		}
33
		spec.Linux.Seccomp = seccompConfig
34
	}
35
	return nil
36
}
37