MCPcopy
hub / github.com/containerd/containerd / WithProfile

Function WithProfile

contrib/seccomp/seccomp.go:33–45  ·  view source on GitHub ↗

WithProfile receives the name of a file stored on disk comprising a json formatted seccomp profile, as specified by the opencontainers/runtime-spec. The profile is read from the file, unmarshaled, and set to the spec.

(profile string)

Source from the content-addressed store, hash-verified

31// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
32// The profile is read from the file, unmarshaled, and set to the spec.
33func WithProfile(profile string) oci.SpecOpts {
34 return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
35 s.Linux.Seccomp = &specs.LinuxSeccomp{}
36 f, err := os.ReadFile(profile)
37 if err != nil {
38 return fmt.Errorf("cannot load seccomp profile %q: %v", profile, err)
39 }
40 if err := json.Unmarshal(f, s.Linux.Seccomp); err != nil {
41 return fmt.Errorf("decoding seccomp profile failed %q: %v", profile, err)
42 }
43 return nil
44 }
45}
46
47// WithDefaultProfile sets the default seccomp profile to the spec.
48// Note: must follow the setting of process capabilities

Callers 3

GenerateSeccompSpecOptsFunction · 0.92
NewContainerFunction · 0.92

Calls 1

UnmarshalMethod · 0.80

Used in the wild real call sites across dependent graphs

searching dependent graphs…