From e58ec4dc077d40aef4c8f9f4e163cbf5f05ff83b Mon Sep 17 00:00:00 2001 From: EDuToit Date: Thu, 26 Mar 2026 11:57:59 +0100 Subject: [PATCH] Address seccomp profile todo: - resolve seccomp profile from config default - assign profile if default path is not defined Signed-off-by: EDuToit --- pkg/api/handlers/compat/info.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go index 845bae789d..57e6097923 100644 --- a/pkg/api/handlers/compat/info.go +++ b/pkg/api/handlers/compat/info.go @@ -110,7 +110,7 @@ func GetInfo(w http.ResponseWriter, r *http.Request) { RegistryConfig: getServiceConfig(runtime), RuncCommit: dockerSystem.Commit{}, Runtimes: getRuntimes(configInfo), - SecurityOptions: getSecOpts(sysInfo), + SecurityOptions: getSecOpts(sysInfo, configInfo), ServerVersion: versionInfo.Version, SwapLimit: sysInfo.SwapLimit, Swarm: swarm.Info{ @@ -169,14 +169,17 @@ func getGraphStatus(storeInfo map[string]string) [][2]string { return graphStatus } -func getSecOpts(sysInfo *sysinfo.SysInfo) []string { +func getSecOpts(sysInfo *sysinfo.SysInfo, c *config.Config) []string { var secOpts []string if sysInfo.AppArmor { secOpts = append(secOpts, "name=apparmor") } if sysInfo.Seccomp { - // FIXME: get profile name... - secOpts = append(secOpts, fmt.Sprintf("name=seccomp,profile=%s", "default")) + profile := "default" + if c.Containers.SeccompProfile != "" && c.Containers.SeccompProfile != config.SeccompDefaultPath { + profile = c.Containers.SeccompProfile + } + secOpts = append(secOpts, fmt.Sprintf("name=seccomp,profile=%s", profile)) } if rootless.IsRootless() { secOpts = append(secOpts, "name=rootless")