Disable default Seccomp profile with privileged containers

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #326
Approved by: baude
Matthew Heon 2018-02-13 14:23:48 -05:00 committed by Atomic Bot
parent 35e1ad78fb
commit 4a39327bc5
1 changed files with 5 additions and 0 deletions


@ -330,6 +330,11 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
}
}
// Clear default Seccomp profile from Generator for privileged containers
if config.SeccompProfilePath == "unconfined" || config.Privileged {
configSpec.Linux.Seccomp = nil
}
// BIND MOUNTS
mounts, err := config.GetVolumeMounts()
if err != nil {
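Review bot: The `config.Privileged` arm of the new condition drops the seccomp filter regardless of what `config.SeccompProfilePath` holds, so whether a profile the user named explicitly still applies to a privileged container depends on code outside this hunk; that precedence should be stated at this spot. The comment also mentions only privileged containers while the condition covers `"unconfined"` as well. I would reword it to `// Clear the generator's default seccomp profile when seccomp is "unconfined" or the container is privileged; the container then runs with no syscall filter unless a profile is applied later.` The assignment assumes `configSpec.Linux` is non-nil, which presumably holds for a generator-built spec but is not visible here. createConfigToOCISpec begins and ends outside the hunk.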