github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

ctr: CLI Flag (seccomp-profile) for setting custom seccomp profile.

Browse Source 
Signed-off-by: Shishir Mahajan <smahajan@roblox.com>
This commit is contained in:
Shishir Mahajan 2020-09-02 15:55:44 -07:00
parent cbb4e43763
commit 1eae524df6
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/ctr/commands/commands.go
View File

@ -155,6 +155,10 @@ var (
Name: "seccomp", Name: "seccomp",
Usage: "enable the default seccomp profile", Usage: "enable the default seccomp profile",
}, },
cli.StringFlag{
Name: "seccomp-profile",
Usage: "file path to custom seccomp profile. seccomp must be set to true, before using seccomp-profile",
},
} }
) )

17
cmd/ctr/commands/run/run_unix.go
View File

@ -20,6 +20,7 @@ package run
import ( import (
gocontext "context" gocontext "context"
"fmt"
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings" "strings"
@ -185,9 +186,21 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
if context.Bool("net-host") { if context.Bool("net-host") {
opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf) opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
} }
if context.Bool("seccomp") {
opts = append(opts, seccomp.WithDefaultProfile()) seccompProfile := context.String("seccomp-profile")
if !context.Bool("seccomp") && seccompProfile != "" {
return nil, fmt.Errorf("seccomp must be set to true, if using a custom seccomp-profile")
} }
if context.Bool("seccomp") {
if seccompProfile != "" {
opts = append(opts, seccomp.WithProfile(seccompProfile))
} else {
opts = append(opts, seccomp.WithDefaultProfile())
}
}
if cpus := context.Float64("cpus"); cpus > 0.0 { if cpus := context.Float64("cpus"); cpus > 0.0 {
var ( var (
period = uint64(100000) period = uint64(100000)