Bump up runtime-spec dependency to v1.0.0

Signed-off-by: Mrunal Patel <mpatel@redhat.com>

vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_action.go

@@ -30,8 +30,9 @@ func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error {
 	}
 
 	action, _ := parseAction(arguments[0])
-	if action == config.DefaultAction {
-		return fmt.Errorf("default action already set as %s", action)
+	if action == config.DefaultAction && args.argsAreEmpty() {
+		// default already set, no need to make changes
+		return nil
 	}
 
 	var newSyscall rspec.LinuxSyscall
@@ -96,7 +97,7 @@ func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error {
 		return err
 	}
 	config.DefaultAction = defaultAction
-	err = RemoveAllMatchingRules(config, action)
+	err = RemoveAllMatchingRules(config, defaultAction)
 	if err != nil {
 		return err
 	}
@@ -125,3 +126,10 @@ func newSyscallStruct(name string, action rspec.LinuxSeccompAction, args []rspec
 	}
 	return syscallStruct
 }
+
+func (s SyscallOpts) argsAreEmpty() bool {
+	return (s.Index == "" &&
+		s.Value == "" &&
+		s.ValueTwo == "" &&
+		s.Operator == "")
+}

vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_remove.go

@@ -15,12 +15,7 @@ func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
 
-	var syscallsToRemove []string
-	if strings.Contains(arguments, ",") {
-		syscallsToRemove = strings.Split(arguments, ",")
-	} else {
-		syscallsToRemove = append(syscallsToRemove, arguments)
-	}
+	syscallsToRemove := strings.Split(arguments, ",")
 
 	for counter, syscallStruct := range config.Syscalls {
 		if reflect.DeepEqual(syscallsToRemove, syscallStruct.Names) {
@@ -42,16 +37,11 @@ func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error {
 }
 
 // RemoveAllMatchingRules will remove any syscall rules that match the specified action
-func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, action string) error {
+func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, seccompAction rspec.LinuxSeccompAction) error {
 	if config == nil {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
 
-	seccompAction, err := parseAction(action)
-	if err != nil {
-		return err
-	}
-
 	for _, syscall := range config.Syscalls {
 		if reflect.DeepEqual(syscall.Action, seccompAction) {
 			RemoveAction(strings.Join(syscall.Names, ","), config)

vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go

@@ -370,26 +370,25 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 	var sysCloneFlagsIndex uint
 
 	capSysAdmin := false
-	var cap string
-	var caps []string
+	caps := make(map[string]bool)
 
-	for _, cap = range rs.Process.Capabilities.Bounding {
-		caps = append(caps, cap)
+	for _, cap := range rs.Process.Capabilities.Bounding {
+		caps[cap] = true
 	}
-	for _, cap = range rs.Process.Capabilities.Effective {
-		caps = append(caps, cap)
+	for _, cap := range rs.Process.Capabilities.Effective {
+		caps[cap] = true
 	}
-	for _, cap = range rs.Process.Capabilities.Inheritable {
-		caps = append(caps, cap)
+	for _, cap := range rs.Process.Capabilities.Inheritable {
+		caps[cap] = true
 	}
-	for _, cap = range rs.Process.Capabilities.Permitted {
-		caps = append(caps, cap)
+	for _, cap := range rs.Process.Capabilities.Permitted {
+		caps[cap] = true
 	}
-	for _, cap = range rs.Process.Capabilities.Ambient {
-		caps = append(caps, cap)
+	for _, cap := range rs.Process.Capabilities.Ambient {
+		caps[cap] = true
 	}
 
-	for _, cap = range caps {
+	for cap := range caps {
 		switch cap {
 		case "CAP_DAC_READ_SEARCH":
 			syscalls = append(syscalls, []rspec.LinuxSyscall{