Disable default Seccomp profile with privileged containers
Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #326 Approved by: baude
		
							parent
							
								
									35e1ad78fb
								
							
						
					
					
						commit
						4a39327bc5
					
				|  | @ -330,6 +330,11 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { | |||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	// Clear default Seccomp profile from Generator for privileged containers
 | ||||
| 	if config.SeccompProfilePath == "unconfined" || config.Privileged { | ||||
| 		configSpec.Linux.Seccomp = nil | ||||
| 	} | ||||
| 
 | ||||
| 	// BIND MOUNTS
 | ||||
| 	mounts, err := config.GetVolumeMounts() | ||||
| 	if err != nil { | ||||
|  |  | |||
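Review bot: The added comment on the seccomp block names only privileged containers, but the condition below it also fires when `config.SeccompProfilePath == "unconfined"`. In the `config.Privileged` case the profile is set to nil regardless of what `SeccompProfilePath` holds. Unless a user-supplied profile is applied later in `createConfigToOCISpec` (the function body continues outside this hunk), a privileged container given an explicit profile path would silently run with no syscall filtering. I would state that in the comment, e.g. `// Drop the Generator's default seccomp profile when seccomp is explicitly unconfined or the container is privileged; such containers run with no syscall filter.` If an explicit profile is meant to survive the privileged flag, the guard could be narrowed to `config.SeccompProfilePath == "unconfined" || (config.Privileged && config.SeccompProfilePath == "")`, assuming an empty path means that no profile was requested. A debug-level log line when the filter is cleared would also make the unfiltered state visible during audits.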