Run without seccomp support
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
parent
424fc8d0d6
commit
44e7e88ff3
2 changed files with 14 additions and 8 deletions
|
@ -326,6 +326,10 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !s.seccompEnabled {
|
||||||
|
g.Spec().Linux.Seccomp = nil
|
||||||
|
}
|
||||||
|
|
||||||
saveOptions := generate.ExportOptions{}
|
saveOptions := generate.ExportOptions{}
|
||||||
mountPoint, err := s.storage.StartContainer(id)
|
mountPoint, err := s.storage.StartContainer(id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
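Review bot: The new `if !s.seccompEnabled` branch in RunPodSandbox clears `g.Spec().Linux.Seccomp` with no comment and no log line, so on a host without seccomp a sandbox silently starts with no syscall filter. That is a fail-open default and should at least carry a comment such as `// seccomp unavailable on this host: drop the filter so the runtime can start; the sandbox runs unfiltered`, plus a warning emitted once at startup from New, where the same flag gates profile loading. If a pod can explicitly request a seccomp profile (not visible in this hunk), consider returning an error in that case rather than discarding the request. The function body starts and ends outside the hunk, and the place where `seccompEnabled` is set is not shown here.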
@ -495,6 +495,7 @@ func New(config *Config) (*Server, error) {
|
||||||
appArmorEnabled: apparmor.IsEnabled(),
|
appArmorEnabled: apparmor.IsEnabled(),
|
||||||
appArmorProfile: config.ApparmorProfile,
|
appArmorProfile: config.ApparmorProfile,
|
||||||
}
|
}
|
||||||
|
if s.seccompEnabled {
|
||||||
seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
|
seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
|
return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
|
||||||
|
@ -504,6 +505,7 @@ func New(config *Config) (*Server, error) {
|
||||||
return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
|
return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
|
||||||
}
|
}
|
||||||
s.seccompProfile = seccompConfig
|
s.seccompProfile = seccompConfig
|
||||||
|
}
|
||||||
|
|
||||||
if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
|
if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
|
||||||
if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {
|
if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {
|
||||||
|
|
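Review bot: With the `if s.seccompEnabled` guard in New, `s.seccompProfile` stays at its zero value whenever seccomp is unavailable, and nothing on the new lines records that invariant. A comment above the guard, e.g. `// s.seccompProfile is only populated when seccomp is enabled; readers must check s.seccompEnabled first`, would keep a later caller from applying an empty profile as if it were a real one. The code that reads `s.seccompProfile` lies outside these hunks, so whether every reader is guarded cannot be confirmed from here. A configured `config.SeccompProfile` path is now also skipped without being read or decoded, so a broken path or malformed profile goes unnoticed until seccomp is turned on.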