github.com/containers/podman/v2@v2.2.2-0.20210501105131-c1e07d070c4c/pkg/spec/config_linux_cgo.go (about) 1 // +build linux,cgo 2 3 package createconfig 4 5 import ( 6 "io/ioutil" 7 8 goSeccomp "github.com/containers/common/pkg/seccomp" 9 "github.com/containers/podman/v2/pkg/seccomp" 10 spec "github.com/opencontainers/runtime-spec/specs-go" 11 "github.com/pkg/errors" 12 "github.com/sirupsen/logrus" 13 ) 14 15 func getSeccompConfig(config *SecurityConfig, configSpec *spec.Spec) (*spec.LinuxSeccomp, error) { 16 var seccompConfig *spec.LinuxSeccomp 17 var err error 18 19 if config.SeccompPolicy == seccomp.PolicyImage && config.SeccompProfileFromImage != "" { 20 logrus.Debug("Loading seccomp profile from the security config") 21 seccompConfig, err = goSeccomp.LoadProfile(config.SeccompProfileFromImage, configSpec) 22 if err != nil { 23 return nil, errors.Wrap(err, "loading seccomp profile failed") 24 } 25 return seccompConfig, nil 26 } 27 28 if config.SeccompProfilePath != "" { 29 logrus.Debugf("Loading seccomp profile from %q", config.SeccompProfilePath) 30 seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath) 31 if err != nil { 32 return nil, errors.Wrap(err, "opening seccomp profile failed") 33 } 34 seccompConfig, err = goSeccomp.LoadProfile(string(seccompProfile), configSpec) 35 if err != nil { 36 return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath) 37 } 38 } else { 39 logrus.Debug("Loading default seccomp profile") 40 seccompConfig, err = goSeccomp.GetDefaultProfile(configSpec) 41 if err != nil { 42 return nil, errors.Wrapf(err, "loading default seccomp profile failed") 43 } 44 } 45 46 return seccompConfig, nil 47 }