From 6bd797b43fa738efc7eed02e96c21b352aa1c25b Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Tue, 31 May 2016 16:54:55 +0100
Subject: [PATCH] Error out if user tries to specify a custom seccomp profile on system that does not support it
Fixes #23031
If a profile is explicitly passed but the system is not built with seccomp support, error out rather than just running without a profile at all as we would previously. Behaviour is unchanged if no profile is specified or unconfined is specified.
Signed-off-by: Justin Cormack
---
 daemon/seccomp_disabled.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/daemon/seccomp_disabled.go b/daemon/seccomp_disabled.go
index 620eee29bf..8f13f5606d 100644
--- a/daemon/seccomp_disabled.go
+++ b/daemon/seccomp_disabled.go
@@ -3,10 +3,15 @@
 package daemon
 import (
+ "fmt"
+
 "github.com/docker/docker/container"
 "github.com/opencontainers/specs/specs-go"
 )
 func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
+ if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
+ return fmt.Errorf("seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile")
+ }
 return nil
 }
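Review bot: The new guard in setSeccomp rejects only an explicit custom profile, so a container whose SeccompProfile is empty still starts with no syscall filter on this build, and nothing in the function says that this is deliberate. A comment above the function would state the contract for the next reader, e.g. `// setSeccomp is the stub for builds without seccomp: it refuses an explicit profile rather than silently dropping it; an empty or "unconfined" profile runs unfiltered.` The error message has no format verbs, so `errors.New("seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile")` would do the same job, with the added "fmt" import swapped for "errors". The literal "unconfined" is presumably also matched in the seccomp-enabled build, which is not visible here; if so, a shared constant would keep the two from drifting apart.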