[BREAKING CHANGE] seccomp_profile is no longer configurable (#53)

knight42 · web-flow · commit 8454f6516ee4 · 2024-01-13T10:30:21.000Z
Signed-off-by: Jian Zeng &lt;anonymousknight96@gmail.com&gt;
diff --git a/cmd/yukid/README.md b/cmd/yukid/README.md
@@ -88,12 +88,6 @@ repo_config_dir = ["/path/to/config-dir"]
 ## 如果为 0 的话则不会超时。注意修改的配置仅对新启动的同步容器生效
 ## 默认值为 0
 #sync_timeout = "48h"
-
-## 修改同步时的 seccomp profile，用于特殊用途的容器
-## 例如，使用 seccomp user notify 的程序需要放行一些相关的系统调用
-## 留空时使用 docker daemon 默认的 seccomp 配置
-## 默认值为空
-#seccomp_profile = "/path/to/seccomp/profile.json"
 ```
 
 ### Repo Configuration
diff --git a/pkg/docker/cli.go b/pkg/docker/cli.go
@@ -26,8 +26,7 @@ type RunContainerConfig struct {
 	Name   string
 
 	// HostConfig
-	SecurityOpt []string
-	Binds       []string
+	Binds []string
 
 	// NetworkingConfig
 	Network string
@@ -80,8 +79,7 @@ func (c *clientImpl) RunContainer(ctx context.Context, config RunContainerConfig
 		}
 
 		cfg.Spec.HostConfig = containerapi.HostConfig{
-			Binds:       config.Binds,
-			SecurityOpt: config.SecurityOpt,
+			Binds: config.Binds,
 		}
 		cfg.Spec.HostConfig.Mounts = []mount.Mount{
 			{
diff --git a/pkg/server/config.go b/pkg/server/config.go
@@ -22,7 +22,6 @@ type Config struct {
 	PostSync              []string      `mapstructure:"post_sync"`
 	ImagesUpgradeInterval time.Duration `mapstructure:"images_upgrade_interval" validate:"min=0"`
 	SyncTimeout           time.Duration `mapstructure:"sync_timeout" validate:"min=0"`
-	SeccompProfile        string        `mapstructure:"seccomp_profile" validate:"omitempty,filepath"`
 }
 
 var DefaultConfig = Config{
diff --git a/pkg/server/utils.go b/pkg/server/utils.go
@@ -386,11 +386,6 @@ func (s *Server) syncRepo(ctx context.Context, name string, debug bool) error {
 		repo.User = s.config.Owner
 	}
 
-	var securityOpt []string
-	if len(s.config.SeccompProfile) > 0 {
-		securityOpt = append(securityOpt, "seccomp="+s.config.SeccompProfile)
-	}
-
 	envMap := repo.Envs
 	if len(envMap) == 0 {
 		envMap = make(map[string]string)
@@ -425,12 +420,11 @@ func (s *Server) syncRepo(ctx context.Context, name string, debug bool) error {
 				api.LabelRepoName:   repo.Name,
 				api.LabelStorageDir: repo.StorageDir,
 			},
-			Env:         envs,
-			Image:       repo.Image,
-			Name:        ctName,
-			SecurityOpt: securityOpt,
-			Binds:       binds,
-			Network:     repo.Network,
+			Env:     envs,
+			Image:   repo.Image,
+			Name:    ctName,
+			Binds:   binds,
+			Network: repo.Network,
 		},
 	)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,7 @@ type RunContainerConfig struct {`
`26`	`26`	`Name string`
`27`	`27`
`28`	`28`	`// HostConfig`
`29`		`- SecurityOpt []string`
`30`		`- Binds []string`
	`29`	`+ Binds []string`
`31`	`30`
`32`	`31`	`// NetworkingConfig`
`33`	`32`	`Network string`
`@@ -80,8 +79,7 @@ func (c *clientImpl) RunContainer(ctx context.Context, config RunContainerConfig`
`80`	`79`	`}`
`81`	`80`
`82`	`81`	`cfg.Spec.HostConfig = containerapi.HostConfig{`
`83`		`- Binds: config.Binds,`
`84`		`- SecurityOpt: config.SecurityOpt,`
	`82`	`+ Binds: config.Binds,`
`85`	`83`	`}`
`86`	`84`	`cfg.Spec.HostConfig.Mounts = []mount.Mount{`
`87`	`85`	`{`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ type Config struct {`
`22`	`22`	PostSync []string `mapstructure:"post_sync"`
`23`	`23`	ImagesUpgradeInterval time.Duration `mapstructure:"images_upgrade_interval" validate:"min=0"`
`24`	`24`	SyncTimeout time.Duration `mapstructure:"sync_timeout" validate:"min=0"`
`25`		- SeccompProfile string `mapstructure:"seccomp_profile" validate:"omitempty,filepath"`
`26`	`25`	`}`
`27`	`26`
`28`	`27`	`var DefaultConfig = Config{`