Merge pull request #219 from runcom/seccomp-buildtag
*: add seccomp buildtag
This commit is contained in:
		
						commit
						be32aa566e
					
				
					 4 changed files with 31 additions and 3 deletions
				
			
		
							
								
								
									
										2
									
								
								Makefile
									
										
									
									
									
								
							
							
						
						
									
										2
									
								
								Makefile
									
										
									
									
									
								
							|  | @ -16,7 +16,7 @@ ETCDIR ?= ${DESTDIR}/etc | |||
| ETCDIR_OCID ?= ${ETCDIR}/ocid | ||||
| GO_MD2MAN ?= $(shell which go-md2man) | ||||
| export GOPATH := ${CURDIR}/vendor | ||||
| BUILDTAGS := selinux | ||||
| BUILDTAGS := selinux seccomp | ||||
| 
 | ||||
| all: binaries ocid.conf docs | ||||
| 
 | ||||
|  |  | |||
							
								
								
									
										15
									
								
								README.md
									
										
									
									
									
								
							
							
						
						
									
										15
									
								
								README.md
									
										
									
									
									
								
							|  | @ -43,9 +43,10 @@ It is currently in active development in the Kubernetes community through the [d | |||
| ### Build | ||||
| 
 | ||||
| `glib2-devel` and `glibc-static` packages on Fedora or ` libglib2.0-dev` on Ubuntu or equivalent is required. | ||||
| In order to enable seccomp support you will need to install `libseccomp` on your platform. | ||||
| > e.g. `libseccomp-devel` for CentOS/Fedora, or `libseccomp-dev` for Ubuntu | ||||
| 
 | ||||
| 
 | ||||
| ``` | ||||
| ```bash | ||||
| $ GOPATH=/path/to/gopath | ||||
| $ mkdir $GOPATH | ||||
| $ go get -d github.com/kubernetes-incubator/cri-o | ||||
|  | @ -54,7 +55,17 @@ $ make install.tools | |||
| $ make | ||||
| $ sudo make install | ||||
| ``` | ||||
| Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make. | ||||
| 
 | ||||
| ```bash | ||||
| # create a 'github.com/kubernetes-incubator' in your $GOPATH/src | ||||
| cd github.com/kubernetes-incubator | ||||
| git clone https://github.com/kubernetes-incubator/cri-o | ||||
| cd cri-o | ||||
| 
 | ||||
| make BUILDTAGS="" | ||||
| sudo make install | ||||
| ``` | ||||
| 
 | ||||
| ### Running pods and containers | ||||
| 
 | ||||
|  |  | |||
|  | @ -1,3 +1,5 @@ | |||
| // +build seccomp | ||||
| 
 | ||||
| package seccomp | ||||
| 
 | ||||
| import ( | ||||
|  |  | |||
							
								
								
									
										15
									
								
								server/seccomp/seccomp_unsupported.go
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										15
									
								
								server/seccomp/seccomp_unsupported.go
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,15 @@ | |||
| // +build !seccomp | ||||
| 
 | ||||
| package seccomp | ||||
| 
 | ||||
| import "github.com/opencontainers/runtime-tools/generate" | ||||
| 
 | ||||
| // LoadProfileFromStruct takes a Seccomp struct and setup seccomp in the spec. | ||||
| func LoadProfileFromStruct(config Seccomp, specgen *generate.Generator) error { | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // LoadProfileFromBytes takes a byte slice and decodes the seccomp profile. | ||||
| func LoadProfileFromBytes(body []byte, specgen *generate.Generator) error { | ||||
| 	return nil | ||||
| } | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue