CreateProfile creates a seccomp profile.
(s *state.State, c Instance)
| 832 | |
// CreateProfile writes the seccomp profile for instance c to disk.
//
// When InstanceNeedsPolicy(c) reports false, nothing is written and nil is
// returned. Otherwise the policy text comes from seccompGetPolicyContent,
// seccompPath is created if missing, and the text is written to ProfilePath(c).
// The first error from any of those steps is returned unchanged.
//
// Unlike apparmor, seccomp has no way to "cache" profiles, and a profile is
// automatically unloaded when its task dies. Nothing therefore has to be
// unloaded when a container stops, and the file's mtime does not matter for
// any compiler purpose, so the profile is simply written out on every call.
func CreateProfile(s *state.State, c Instance) error {
	// Instances without a policy get no profile file at all.
	if !InstanceNeedsPolicy(c) {
		return nil
	}

	content, err := seccompGetPolicyContent(s, c)
	if err != nil {
		return err
	}

	// Owner-only directory. os.MkdirAll leaves the mode of an already
	// existing directory untouched, so 0o700 is only guaranteed for a
	// directory this call creates.
	if err := os.MkdirAll(seccompPath, 0o700); err != nil {
		return err
	}

	// Owner-only file. os.WriteFile truncates an existing file in place and
	// keeps its current mode; 0o600 applies only when the file is created.
	// The write is not atomic.
	// NOTE(review): presumably ProfilePath(c) lies under seccompPath and is
	// not read while being rewritten; confirm against the callers.
	if err := os.WriteFile(ProfilePath(c), []byte(content), 0o600); err != nil {
		return err
	}

	return nil
}
| 857 | |
| 858 | // DeleteProfile removes a seccomp profile. |
| 859 | func DeleteProfile(c Instance) { |