Run without seccomp support

Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-02-21 16:21:04 -08:00 · 2017-02-21 16:21:04 -08:00 · 44e7e88ff3
commit 44e7e88ff3
parent 424fc8d0d6
2 changed files with 14 additions and 8 deletions
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@ -326,6 +326,10 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		}
 	}

+	if !s.seccompEnabled {
+		g.Spec().Linux.Seccomp = nil
+	}
+
 	saveOptions := generate.ExportOptions{}
 	mountPoint, err := s.storage.StartContainer(id)
 	if err != nil {
--- a/server/server.go
+++ b/server/server.go
@ -495,15 +495,17 @@ func New(config *Config) (*Server, error) {
 		appArmorEnabled: apparmor.IsEnabled(),
 		appArmorProfile: config.ApparmorProfile,
 	}
-	seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
-	if err != nil {
-		return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
+	if s.seccompEnabled {
+		seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
+		if err != nil {
+			return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
+		}
+		var seccompConfig seccomp.Seccomp
+		if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil {
+			return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
+		}
+		s.seccompProfile = seccompConfig
 	}
-	var seccompConfig seccomp.Seccomp
-	if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil {
-		return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
-	}
-	s.seccompProfile = seccompConfig

 	if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
 		if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {