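// Source: github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/pkg/seccomp/seccomp.go

// Package seccomp resolves user-supplied seccomp policy names to Policy values.
package seccomp

import (
	"fmt"
	"sort"
)

// ContainerImageLabel is the key of the image annotation embedding a seccomp
// profile.
const ContainerImageLabel = "io.containers.seccomp.profile"

// Policy denotes a seccomp policy.
type Policy int

const (
	// PolicyDefault - if set use SecurityConfig.SeccompProfilePath,
	// otherwise use the default profile. The SeccompProfilePath might be
	// explicitly set by the user.
	PolicyDefault Policy = iota
	// PolicyImage - if set use SecurityConfig.SeccompProfileFromImage,
	// otherwise follow PolicyDefault.
	//
	// NOTE(review): presumably SeccompProfileFromImage is filled from the
	// ContainerImageLabel annotation, in which case the profile is chosen by
	// the image author rather than the host operator and is only as
	// trustworthy as the image. Confirm against the code that populates
	// SecurityConfig.
	PolicyImage
)

// supportedPolicies maps each accepted policy name to its Policy value.
// The empty string is accepted as an alias for "default".
var supportedPolicies = map[string]Policy{
	"":        PolicyDefault,
	"default": PolicyDefault,
	"image":   PolicyImage,
}

// LookupPolicy looks up the corresponding Policy for the specified
// string. If none is found, an error is returned including the list of
// supported policies.
//
// The match is exact: names are compared case-sensitively and are not
// trimmed. Note that an empty string resolves to PolicyDefault.
func LookupPolicy(s string) (Policy, error) {
	if policy, ok := supportedPolicies[s]; ok {
		return policy, nil
	}

	// Map iteration order is random, so sort the names to keep the error
	// message stable. The empty-string alias is left out of the list.
	keys := make([]string, 0, len(supportedPolicies))
	for k := range supportedPolicies {
		if k != "" {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)

	// -1 is not a defined Policy, so a caller that drops the error does not
	// end up with PolicyDefault (the zero value) by accident.
	return -1, fmt.Errorf("invalid seccomp policy %q: valid policies are %+q", s, keys)
}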