github.com/containers/podman/v4@v4.9.4/pkg/seccomp/seccomp.go (about) 1 package seccomp 2 3 import ( 4 "fmt" 5 "sort" 6 ) 7 8 // ContainerImageLabel is the key of the image annotation embedding a seccomp 9 // profile. 10 const ContainerImageLabel = "io.containers.seccomp.profile" 11 12 // Policy denotes a seccomp policy. 13 type Policy int 14 15 const ( 16 // PolicyDefault - if set use SecurityConfig.SeccompProfilePath, 17 // otherwise use the default profile. The SeccompProfilePath might be 18 // explicitly set by the user. 19 PolicyDefault Policy = iota 20 // PolicyImage - if set use SecurityConfig.SeccompProfileFromImage, 21 // otherwise follow SeccompPolicyDefault. 22 PolicyImage 23 ) 24 25 // Map for easy lookups of supported policies. 26 var supportedPolicies = map[string]Policy{ 27 "": PolicyDefault, 28 "default": PolicyDefault, 29 "image": PolicyImage, 30 } 31 32 // LookupPolicy looks up the corresponding Policy for the specified 33 // string. If none is found, an errors is returned including the list of 34 // supported policies. 35 // 36 // Note that an empty string resolved to SeccompPolicyDefault. 37 func LookupPolicy(s string) (Policy, error) { 38 policy, exists := supportedPolicies[s] 39 if exists { 40 return policy, nil 41 } 42 43 // Sort the keys first as maps are non-deterministic. 44 keys := []string{} 45 for k := range supportedPolicies { 46 if k != "" { 47 keys = append(keys, k) 48 } 49 } 50 sort.Strings(keys) 51 52 return -1, fmt.Errorf("invalid seccomp policy %q: valid policies are %+q", s, keys) 53 }