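// Source: github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/pkg/specgen/generate/config_linux_cgo.go

//go:build linux && cgo
// +build linux,cgo

package generate

import (
	"context"
	"io/ioutil"

	"github.com/containers/common/libimage"
	goSeccomp "github.com/containers/common/pkg/seccomp"
	"github.com/hanks177/podman/v4/pkg/seccomp"
	"github.com/hanks177/podman/v4/pkg/specgen"
	spec "github.com/opencontainers/runtime-spec/specs-go"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
)

// getSeccompConfig selects and loads the seccomp profile for the container
// described by s and returns it as an OCI runtime-spec LinuxSeccomp.
//
// The profile source is chosen in this order:
//
//  1. If the policy resolved from s.SeccompPolicy is seccomp.PolicyImage, the
//     profile text is read from the image label seccomp.ContainerImageLabel.
//     s.SeccompProfilePath is not consulted in this case.
//  2. Otherwise, if s.SeccompProfilePath is non-empty, the profile is read
//     from that file.
//  3. Otherwise the default profile from containers/common is used.
//
// Every failure returns a nil profile and a non-nil error. In particular the
// image policy never falls back to the default profile: a nil img or a missing
// or empty label is an error.
//
// Security note: under seccomp.PolicyImage the syscall filter is defined by
// whoever built the image, so that policy is only as trustworthy as the image
// source. This function does not inspect the profile content itself.
// NOTE(review): any validation presumably happens in goSeccomp.LoadProfile,
// confirm there.
func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libimage.Image) (*spec.LinuxSeccomp, error) {
	scp, err := seccomp.LookupPolicy(s.SeccompPolicy)
	if err != nil {
		return nil, err
	}

	if scp == seccomp.PolicyImage {
		if img == nil {
			return nil, errors.New("cannot read seccomp profile without a valid image")
		}
		labels, err := img.Labels(context.Background())
		if err != nil {
			return nil, err
		}
		// The label value is used as the profile document itself, not as a
		// path. An absent or empty label is rejected instead of silently
		// substituting another profile.
		imagePolicy := labels[seccomp.ContainerImageLabel]
		if len(imagePolicy) < 1 {
			return nil, errors.New("no seccomp policy defined by image")
		}
		logrus.Debug("Loading seccomp profile from the security config")
		seccompConfig, err := goSeccomp.LoadProfile(imagePolicy, configSpec)
		if err != nil {
			return nil, errors.Wrap(err, "loading seccomp profile failed")
		}
		return seccompConfig, nil
	}

	if s.SeccompProfilePath != "" {
		// The path comes from the spec generator and is read with the
		// privileges of this process; the path is logged quoted (%q).
		logrus.Debugf("Loading seccomp profile from %q", s.SeccompProfilePath)
		seccompProfile, err := ioutil.ReadFile(s.SeccompProfilePath)
		if err != nil {
			return nil, errors.Wrap(err, "opening seccomp profile failed")
		}
		seccompConfig, err := goSeccomp.LoadProfile(string(seccompProfile), configSpec)
		if err != nil {
			return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", s.SeccompProfilePath)
		}
		return seccompConfig, nil
	}

	logrus.Debug("Loading default seccomp profile")
	seccompConfig, err := goSeccomp.GetDefaultProfile(configSpec)
	if err != nil {
		// s.SeccompProfilePath is always empty on this path, so the previous
		// message rendered as "loading seccomp profile () failed". Name the
		// default profile so the failing source is clear in logs.
		return nil, errors.Wrap(err, "loading default seccomp profile failed")
	}
	return seccompConfig, nil
}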