Merge pull request #219 from runcom/seccomp-buildtag

*: add seccomp buildtag
This commit is contained in:
Mrunal Patel 2016-11-29 08:18:06 -08:00 committed by GitHub
commit be32aa566e
4 changed files with 31 additions and 3 deletions

View file

@ -16,7 +16,7 @@ ETCDIR ?= ${DESTDIR}/etc
ETCDIR_OCID ?= ${ETCDIR}/ocid ETCDIR_OCID ?= ${ETCDIR}/ocid
GO_MD2MAN ?= $(shell which go-md2man) GO_MD2MAN ?= $(shell which go-md2man)
export GOPATH := ${CURDIR}/vendor export GOPATH := ${CURDIR}/vendor
BUILDTAGS := selinux BUILDTAGS := selinux seccomp
all: binaries ocid.conf docs all: binaries ocid.conf docs

View file

@ -43,9 +43,10 @@ It is currently in active development in the Kubernetes community through the [d
### Build ### Build
`glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required. `glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required.
In order to enable seccomp support you will need to install `libseccomp` on your platform.
> e.g. `libseccomp-devel` for CentOS/Fedora, or `libseccomp-dev` for Ubuntu
```bash
```
$ GOPATH=/path/to/gopath $ GOPATH=/path/to/gopath
$ mkdir $GOPATH $ mkdir $GOPATH
$ go get -d github.com/kubernetes-incubator/cri-o $ go get -d github.com/kubernetes-incubator/cri-o
@ -54,7 +55,17 @@ $ make install.tools
$ make $ make
$ sudo make install $ sudo make install
``` ```
Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
```bash
# create a 'github.com/kubernetes-incubator' in your $GOPATH/src
cd github.com/kubernetes-incubator
git clone https://github.com/kubernetes-incubator/cri-o
cd cri-o
make BUILDTAGS=""
sudo make install
```
### Running pods and containers ### Running pods and containers

View file

@ -1,3 +1,5 @@
// +build seccomp
package seccomp package seccomp
import ( import (

View file

@ -0,0 +1,15 @@
// +build !seccomp
package seccomp
import "github.com/opencontainers/runtime-tools/generate"
// LoadProfileFromStruct takes a Seccomp struct and setup seccomp in the spec.
func LoadProfileFromStruct(config Seccomp, specgen *generate.Generator) error {
return nil
}
// LoadProfileFromBytes takes a byte slice and decodes the seccomp profile.
func LoadProfileFromBytes(body []byte, specgen *generate.Generator) error {
return nil
}