WithProfile receives the name of a file stored on disk that contains a JSON-formatted seccomp profile, as specified by the opencontainers/runtime-spec. The profile is read from the file, unmarshaled, and set on the spec.
(profile string)
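// WithProfile receives the name of a file stored on disk comprising a json
// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
// The profile is read from the file, unmarshaled, and set to the spec.
//
// The spec is only modified once the profile has been read and decoded
// successfully; on error the previous s.Linux.Seccomp value is left in place
// and the returned error wraps the underlying cause.
//
// The path is opened exactly as given, so callers should pass only a trusted
// location: whoever can write that file controls the syscall filter.
func WithProfile(profile string) oci.SpecOpts {
	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
		data, err := os.ReadFile(profile)
		if err != nil {
			return fmt.Errorf("cannot load seccomp profile %q: %w", profile, err)
		}
		// Decode into a local value so a truncated or malformed file cannot
		// leave a half-populated (or empty) filter on the spec.
		// NOTE(review): json.Unmarshal ignores unknown keys, so a misspelled
		// field in the profile is dropped silently rather than rejected.
		seccomp := &specs.LinuxSeccomp{}
		if err := json.Unmarshal(data, seccomp); err != nil {
			return fmt.Errorf("decoding seccomp profile failed %q: %w", profile, err)
		}
		// s.Linux may not have been populated by an earlier option; without
		// this guard the assignment below would dereference a nil pointer.
		if s.Linux == nil {
			s.Linux = &specs.Linux{}
		}
		s.Linux.Seccomp = seccomp
		return nil
	}
}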
| 46 | |
| 47 | // WithDefaultProfile sets the default seccomp profile to the spec. |
| 48 | // Note: must follow the setting of process capabilities |