Run without seccomp support

Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>

server/sandbox_run.go

@@ -326,6 +326,10 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		}
 	}
 
+	if !s.seccompEnabled {
+		g.Spec().Linux.Seccomp = nil
+	}
+
 	saveOptions := generate.ExportOptions{}
 	mountPoint, err := s.storage.StartContainer(id)
 	if err != nil {

server/server.go

@@ -495,15 +495,17 @@ func New(config *Config) (*Server, error) {
 		appArmorEnabled: apparmor.IsEnabled(),
 		appArmorProfile: config.ApparmorProfile,
 	}
-	seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
+	if s.seccompEnabled {
-	if err != nil {
+		seccompProfile, err := ioutil.ReadFile(config.SeccompProfile)
-		return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
+		if err != nil {
+			return nil, fmt.Errorf("opening seccomp profile (%s) failed: %v", config.SeccompProfile, err)
+		}
+		var seccompConfig seccomp.Seccomp
+		if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil {
+			return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
+		}
+		s.seccompProfile = seccompConfig
 	}
-	var seccompConfig seccomp.Seccomp
-	if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil {
-		return nil, fmt.Errorf("decoding seccomp profile failed: %v", err)
-	}
-	s.seccompProfile = seccompConfig
 
 	if s.appArmorEnabled && s.appArmorProfile == apparmor.DefaultApparmorProfile {
 		if err := apparmor.EnsureDefaultApparmorProfile(); err != nil {