Address seccomp profile todo:

- resolve seccomp profile from config default
- assign profile if default path is not defined

Signed-off-by: EDuToit <eben.dutoit07@gmail.com>
EDuToit
2026-03-26 11:57:59 +01:00
parent 8c3af49bef
commit e58ec4dc07


@@ -110,7 +110,7 @@ func GetInfo(w http.ResponseWriter, r *http.Request) {
RegistryConfig: getServiceConfig(runtime),
RuncCommit: dockerSystem.Commit{},
Runtimes: getRuntimes(configInfo),
SecurityOptions: getSecOpts(sysInfo),
SecurityOptions: getSecOpts(sysInfo, configInfo),
ServerVersion: versionInfo.Version,
SwapLimit: sysInfo.SwapLimit,
Swarm: swarm.Info{
@@ -169,14 +169,17 @@ func getGraphStatus(storeInfo map[string]string) [][2]string {
return graphStatus
}
func getSecOpts(sysInfo *sysinfo.SysInfo) []string {
func getSecOpts(sysInfo *sysinfo.SysInfo, c *config.Config) []string {
var secOpts []string
if sysInfo.AppArmor {
secOpts = append(secOpts, "name=apparmor")
}
if sysInfo.Seccomp {
// FIXME: get profile name...
secOpts = append(secOpts, fmt.Sprintf("name=seccomp,profile=%s", "default"))
profile := "default"
if c.Containers.SeccompProfile != "" && c.Containers.SeccompProfile != config.SeccompDefaultPath {
profile = c.Containers.SeccompProfile
}
secOpts = append(secOpts, fmt.Sprintf("name=seccomp,profile=%s", profile))
}
if rootless.IsRootless() {
secOpts = append(secOpts, "name=rootless")
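Review bot: The path assigned on the new `profile = c.Containers.SeccompProfile` line is written verbatim into the comma-separated `name=seccomp,profile=%s` entry, so a configured path containing `,` or `=` would produce a value that clients splitting on those characters misparse. API consumers read this field to judge seccomp confinement, so it is worth substituting a fixed label for such values, for example `if strings.ContainsAny(profile, ",=") { profile = "custom" }` (the label is only a suggestion, and `strings` may need importing). `c` is also dereferenced without a nil check; whether `configInfo` can be nil at the GetInfo call site is not visible here, but adding `c != nil &&` to the condition would be cheap. A short comment such as `// "default" is reported when SeccompProfile is unset or equals config.SeccompDefaultPath` would document the mapping. getSecOpts continues past the end of this hunk.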