Merge pull request #219 from runcom/seccomp-buildtag
*: add seccomp buildtag
This commit is contained in:
commit
be32aa566e
4 changed files with 31 additions and 3 deletions
2
Makefile
2
Makefile
|
@ -16,7 +16,7 @@ ETCDIR ?= ${DESTDIR}/etc
|
||||||
ETCDIR_OCID ?= ${ETCDIR}/ocid
|
ETCDIR_OCID ?= ${ETCDIR}/ocid
|
||||||
GO_MD2MAN ?= $(shell which go-md2man)
|
GO_MD2MAN ?= $(shell which go-md2man)
|
||||||
export GOPATH := ${CURDIR}/vendor
|
export GOPATH := ${CURDIR}/vendor
|
||||||
BUILDTAGS := selinux
|
BUILDTAGS := selinux seccomp
|
||||||
|
|
||||||
all: binaries ocid.conf docs
|
all: binaries ocid.conf docs
|
||||||
|
|
||||||
|
|
15
README.md
15
README.md
|
@ -43,9 +43,10 @@ It is currently in active development in the Kubernetes community through the [d
|
||||||
### Build
|
### Build
|
||||||
|
|
||||||
`glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required.
|
`glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required.
|
||||||
|
In order to enable seccomp support you will need to install `libseccomp` on your platform.
|
||||||
|
> e.g. `libseccomp-devel` for CentOS/Fedora, or `libseccomp-dev` for Ubuntu
|
||||||
|
|
||||||
|
```bash
|
||||||
```
|
|
||||||
$ GOPATH=/path/to/gopath
|
$ GOPATH=/path/to/gopath
|
||||||
$ mkdir $GOPATH
|
$ mkdir $GOPATH
|
||||||
$ go get -d github.com/kubernetes-incubator/cri-o
|
$ go get -d github.com/kubernetes-incubator/cri-o
|
||||||
|
@ -54,7 +55,17 @@ $ make install.tools
|
||||||
$ make
|
$ make
|
||||||
$ sudo make install
|
$ sudo make install
|
||||||
```
|
```
|
||||||
|
Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# create a 'github.com/kubernetes-incubator' in your $GOPATH/src
|
||||||
|
cd github.com/kubernetes-incubator
|
||||||
|
git clone https://github.com/kubernetes-incubator/cri-o
|
||||||
|
cd cri-o
|
||||||
|
|
||||||
|
make BUILDTAGS=""
|
||||||
|
sudo make install
|
||||||
|
```
|
||||||
|
|
||||||
### Running pods and containers
|
### Running pods and containers
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
// +build seccomp
|
||||||
|
|
||||||
package seccomp
|
package seccomp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|
15
server/seccomp/seccomp_unsupported.go
Normal file
15
server/seccomp/seccomp_unsupported.go
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
// +build !seccomp
|
||||||
|
|
||||||
|
package seccomp
|
||||||
|
|
||||||
|
import "github.com/opencontainers/runtime-tools/generate"
|
||||||
|
|
||||||
|
// LoadProfileFromStruct takes a Seccomp struct and setup seccomp in the spec.
|
||||||
|
func LoadProfileFromStruct(config Seccomp, specgen *generate.Generator) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// LoadProfileFromBytes takes a byte slice and decodes the seccomp profile.
|
||||||
|
func LoadProfileFromBytes(body []byte, specgen *generate.Generator) error {
|
||||||
|
return nil
|
||||||
|
}
|
Loading…
Reference in a new issue