From 0e4af6d69dcc3ae21360f494b63bb2bf152a9ae1 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca
Date: Tue, 29 Nov 2016 16:59:51 +0100
Subject: [PATCH] *: add seccomp buildtag

Signed-off-by: Antonio Murdaca
---
 Makefile | 2 +-
 README.md | 15 +++++++++++++--
 server/seccomp/seccomp.go | 2 ++
 server/seccomp/seccomp_unsupported.go | 15 +++++++++++++++
 4 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 server/seccomp/seccomp_unsupported.go

diff --git a/Makefile b/Makefile
index c5cbeb07..2d719955 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ ETCDIR ?= ${DESTDIR}/etc
 ETCDIR_OCID ?= ${ETCDIR}/ocid
 GO_MD2MAN ?= $(shell which go-md2man)
 export GOPATH := ${CURDIR}/vendor
-BUILDTAGS := selinux
+BUILDTAGS := selinux seccomp
 all: binaries ocid.conf docs
diff --git a/README.md b/README.md
index 6494f6f2..ad96afcb 100644
--- a/README.md
+++ b/README.md
@@ -43,9 +43,10 @@ It is currently in active development in the Kubernetes community through the [d
 ### Build
 `glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required.
+In order to enable seccomp support you will need to install `libseccomp` on your platform.
+> e.g. `libseccomp-devel` for CentOS/Fedora, or `libseccomp-dev` for Ubuntu
-
-```
+```bash
 $ GOPATH=/path/to/gopath
 $ mkdir $GOPATH
 $ go get -d github.com/kubernetes-incubator/cri-o
@@ -54,7 +55,17 @@ $ make install.tools
 $ make
 $ sudo make install
 ```
+Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
+```bash
+# create a 'github.com/kubernetes-incubator' in your $GOPATH/src
+cd github.com/kubernetes-incubator
+git clone https://github.com/kubernetes-incubator/cri-o
+cd cri-o
+
+make BUILDTAGS=""
+sudo make install
+```
 ### Running pods and containers
diff --git a/server/seccomp/seccomp.go b/server/seccomp/seccomp.go
index 9d351c04..2d4c9480 100644
--- a/server/seccomp/seccomp.go
+++ b/server/seccomp/seccomp.go
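Review bot: With `seccomp` appended to the same `BUILDTAGS` variable as `selinux` (Makefile hunk at `@@ -16,7 +16,7 @@`), the opt-out documented in the second README hunk, `make BUILDTAGS=""`, clears the `selinux` tag as well as the `seccomp` one. Anyone following that instruction to avoid the libseccomp dependency ends up with a binary built without either tag, which is presumably not what they intended. The README example should read `make BUILDTAGS="selinux"`, or the Makefile could keep the seccomp tag in a separate variable so that one can be dropped without the other.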
@@ -1,3 +1,5 @@
+// +build seccomp
+
 package seccomp
 
 import (
diff --git a/server/seccomp/seccomp_unsupported.go b/server/seccomp/seccomp_unsupported.go
new file mode 100644
index 00000000..7ea2417f
--- /dev/null
+++ b/server/seccomp/seccomp_unsupported.go
@@ -0,0 +1,15 @@
+// +build !seccomp
+
+package seccomp
+
+import "github.com/opencontainers/runtime-tools/generate"
+
+// LoadProfileFromStruct takes a Seccomp struct and setup seccomp in the spec.
+func LoadProfileFromStruct(config Seccomp, specgen *generate.Generator) error {
+ return nil
+}
+
+// LoadProfileFromBytes takes a byte slice and decodes the seccomp profile.
+func LoadProfileFromBytes(body []byte, specgen *generate.Generator) error {
+ return nil
+}
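Review bot: Both stubs in server/seccomp/seccomp_unsupported.go return nil without touching `specgen`, so a binary built without the `seccomp` tag accepts a profile, reports success and leaves the container spec with no seccomp filter, with nothing telling the operator. The callers are outside this diff; if they call these functions only when a profile was requested, the stubs should fail closed with something like `return errors.New("seccomp: profile requested but binary was built without the seccomp build tag")`. If the calls are unconditional, add an exported `IsEnabled() bool` to both files (false here, true in seccomp.go) so the server can log or refuse at startup. Either way the doc comments are copied from the real implementation and should say that in this build the functions are no-ops that apply no profile.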