github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

refactor based on comments

Browse Source 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
This commit is contained in:
Mike Brown
2020-12-03 16:25:12 -06:00
parent b4727eafbe
commit 6467c3374d
6 changed files with 147 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/cri/server/sandbox_run_linux.go
View File

@@ -163,10 +163,19 @@ func (c *criService) sandboxContainerSpecOpts(config *runtime.PodSandboxConfig,
var (
securityContext = config.GetLinux().GetSecurityContext()
specOpts []oci.SpecOpts
err error
)
ssp := securityContext.GetSeccomp()
if ssp == nil {
ssp, err = generateSeccompSecurityProfile(
securityContext.GetSeccompProfilePath(), // nolint:staticcheck deprecated but we don't want to remove yet
c.config.UnsetSeccompProfile)
if err != nil {
return nil, errors.Wrap(err, "failed to generate seccomp spec opts")
}
}
seccompSpecOpts, err := c.generateSeccompSpecOpts(
securityContext.GetSeccomp(),
securityContext.GetSeccompProfilePath(), // nolint:staticcheck deprecated but we don't want to remove yet
ssp,
securityContext.GetPrivileged(),
c.seccompEnabled())
if err != nil {