sandbox, ctrs: fixup seccomp for 1.8

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-27 20:46:31 +02:00 · 2017-09-27 20:46:31 +02:00 · 7d7024999b
commit 7d7024999b
parent c70198617f
10 changed files with 290 additions and 394 deletions
--- a/libkpod/container_server.go
+++ b/libkpod/container_server.go
@ -325,6 +325,8 @@ func (c *ContainerServer) LoadSandbox(id string) error {
 		return err
 	}

+	spp := m.Annotations[annotations.SeccompProfilePath]
+
 	kubeAnnotations := make(map[string]string)
 	if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil {
 		return err
@ -339,6 +341,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
 	}
 	sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
 	sb.AddIP(ip)
+	sb.SetSeccompProfilePath(spp)

 	// We add a netNS only if we can load a permanent one.
 	// Otherwise, the sandbox will live in the host namespace.
@ -516,6 +519,8 @@ func (c *ContainerServer) LoadContainer(id string) error {
 	}
 	ctr.SetSpec(&m)
 	ctr.SetMountPoint(m.Annotations[annotations.MountPoint])
+	spp := m.Annotations[annotations.SeccompProfilePath]
+	ctr.SetSeccompProfilePath(spp)

 	c.ContainerStateFromDisk(ctr)

--- a/libkpod/sandbox/sandbox.go
+++ b/libkpod/sandbox/sandbox.go
@ -156,7 +156,8 @@ type Sandbox struct {
 	portMappings   []*hostport.PortMapping
 	stopped        bool
 	// ipv4 or ipv6 cache
-	ip string
+	ip                 string
+	seccompProfilePath string
 }

 const (
@ -205,6 +206,16 @@ func New(id, namespace, name, kubeName, logDir string, labels, annotations map[s
 	return sb, nil
 }

+// SetSeccompProfilePath sets the seccomp profile path
+func (s *Sandbox) SetSeccompProfilePath(pp string) {
+	s.seccompProfilePath = pp
+}
+
+// SeccompProfilePath returns the seccomp profile path
+func (s *Sandbox) SeccompProfilePath() string {
+	return s.seccompProfilePath
+}
+
 // AddIP stores the ip in the sandbox
 func (s *Sandbox) AddIP(ip string) {
 	s.ip = ip