update to use containerd seccomp package
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
This commit is contained in:
Jess Frazelle
parent
9ff5e389ff
commit
09243b740c
8199 changed files with 30742 additions and 1598219 deletions
1654
container/seccomp.go
1654
container/seccomp.go
File diff suppressed because it is too large
Load diff
|
|
@ -1,10 +0,0 @@
|
|||
// +build !seccomp
|
||||
|
||||
package container
|
||||
|
||||
import (
|
||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// DefaultSeccompProfile defines the whitelist for the default seccomp profile.
|
||||
var DefaultSeccompProfile = &specs.LinuxSeccomp{}
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
package container
|
||||
|
||||
import (
|
||||
"github.com/containerd/containerd/contrib/seccomp"
|
||||
aaprofile "github.com/docker/docker/profiles/apparmor"
|
||||
"github.com/opencontainers/runc/libcontainer/apparmor"
|
||||
"github.com/opencontainers/runc/libcontainer/specconv"
|
||||
|
|
@ -42,7 +43,7 @@ func Spec(opts SpecOpts) *specs.Spec {
|
|||
spec.Hooks = opts.Hooks
|
||||
|
||||
// Set the default seccomp profile.
|
||||
spec.Linux.Seccomp = DefaultSeccompProfile
|
||||
spec.Linux.Seccomp = seccomp.DefaultProfile(spec)
|
||||
|
||||
// Install the default apparmor profile.
|
||||
if apparmor.IsEnabled() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue