Merge pull request #219 from runcom/seccomp-buildtag

*: add seccomp buildtag

Makefile

@@ -16,7 +16,7 @@ ETCDIR ?= ${DESTDIR}/etc
 ETCDIR_OCID ?= ${ETCDIR}/ocid
 GO_MD2MAN ?= $(shell which go-md2man)
 export GOPATH := ${CURDIR}/vendor
-BUILDTAGS := selinux
+BUILDTAGS := selinux seccomp
 
 all: binaries ocid.conf docs
 

README.md

@@ -43,9 +43,10 @@ It is currently in active development in the Kubernetes community through the [d
 ### Build
 
 `glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required.
+In order to enable seccomp support you will need to install `libseccomp` on your platform.
+> e.g. `libseccomp-devel` for CentOS/Fedora, or `libseccomp-dev` for Ubuntu
 
-
-```
+```bash
 $ GOPATH=/path/to/gopath
 $ mkdir $GOPATH
 $ go get -d github.com/kubernetes-incubator/cri-o
@@ -54,7 +55,17 @@ $ make install.tools
 $ make
 $ sudo make install
 ```
+Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
 
+```bash
+# create a 'github.com/kubernetes-incubator' in your $GOPATH/src
+cd github.com/kubernetes-incubator
+git clone https://github.com/kubernetes-incubator/cri-o
+cd cri-o
+
+make BUILDTAGS=""
+sudo make install
+```
 
 ### Running pods and containers
 

server/seccomp/seccomp.go

@@ -1,3 +1,5 @@
+// +build seccomp
+
 package seccomp
 
 import (

server/seccomp/seccomp_unsupported.go

@@ -0,0 +1,15 @@
+// +build !seccomp
+
+package seccomp
+
+import "github.com/opencontainers/runtime-tools/generate"
+
+// LoadProfileFromStruct takes a Seccomp struct and setup seccomp in the spec.
+func LoadProfileFromStruct(config Seccomp, specgen *generate.Generator) error {
+	return nil
+}
+
+// LoadProfileFromBytes takes a byte slice and decodes the seccomp profile.
+func LoadProfileFromBytes(body []byte, specgen *generate.Generator) error {
+	return nil
+}