Change generator receivers to pointers, other fixes

Signed-off-by: Grantseltzer <grantseltzer@gmail.com>

cmd/ocitools/generate.go

@@ -50,8 +50,8 @@ var generateFlags = []cli.Flag{
 	cli.StringSliceFlag{Name: "sysctl", Usage: "add sysctl settings e.g net.ipv4.forward=1"},
 	cli.StringFlag{Name: "apparmor", Usage: "specifies the the apparmor profile for the container"},
 	cli.BoolFlag{Name: "seccomp-only", Usage: "specifies to export just a seccomp configuration file"},
-	cli.StringFlag{Name: "seccomp-arch", Usage: "specifies additional architectures permitted to be used for system calls"},
-	cli.StringFlag{Name: "seccomp-default", Usage: "specifies default action to be used for system calls"},
+	cli.StringFlag{Name: "seccomp-arch", Value: "amd64,x86,x32", Usage: "specifies additional architectures permitted to be used for system calls"},
+	cli.StringFlag{Name: "seccomp-default", Value: "errno", Usage: "specifies default action to be used for system calls"},
 	cli.StringFlag{Name: "seccomp-allow", Usage: "specifies syscalls to respond with allow"},
 	cli.StringFlag{Name: "seccomp-trap", Usage: "specifies syscalls to respond with trap"},
 	cli.StringFlag{Name: "seccomp-errno", Usage: "specifies syscalls to respond with errno"},
@@ -311,79 +311,71 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 		}
 	}
 
-	err := addSeccomp(*g, context)
+	err := addSeccomp(g, context)
 	if err != nil {
 		return err
 	}
 
 	return nil
 }
 
-func addSeccomp(g generate.Generator, context *cli.Context) error {
-	seccompDefault := context.String("seccomp-default")
-	seccompArch := context.String("seccomp-arch")
-	seccompKill := context.String("seccomp-kill")
-	seccompTrace := context.String("seccomp-trace")
-	seccompErrno := context.String("seccomp-errno")
-	seccompTrap := context.String("seccomp-trap")
-	seccompAllow := context.String("seccomp-allow")
+func addSeccomp(g *generate.Generator, context *cli.Context) error {
 
 	// Set the DefaultAction of seccomp
-	if seccompDefault == "" {
-		seccompDefault = "errno"
-	}
-
+	seccompDefault := context.String("seccomp-default")
 	err := g.SetDefaultSeccompAction(seccompDefault)
 	if err != nil {
 		return err
 	}
 
 	// Add the additional architectures permitted to be used for system calls
-	if seccompArch == "" {
-		seccompArch = "amd64,x86,x32" // Default Architectures
-	}
-
+	seccompArch := context.String("seccomp-arch")
 	architectureArgs := strings.Split(seccompArch, ",")
 	err = g.SetSeccompArchitectures(architectureArgs)
 	if err != nil {
 		return err
 	}
 
-	if seccompKill != "" {
+	if context.IsSet("seccomp-kill") {
+		seccompKill := context.String("seccomp-kill")
 		killArgs := strings.Split(seccompKill, ",")
-		err = g.SetSyscallActions("kill", killArgs)
+		err := g.SetSyscallActions("kill", killArgs)
 		if err != nil {
 			return err
 		}
 	}
 
-	if seccompTrace != "" {
+	if context.IsSet("seccomp-trace") {
+		seccompTrace := context.String("seccomp-trace")
 		traceArgs := strings.Split(seccompTrace, ",")
-		err = g.SetSyscallActions("trace", traceArgs)
+		err := g.SetSyscallActions("trace", traceArgs)
 		if err != nil {
 			return err
 		}
 	}
 
-	if seccompErrno != "" {
+	if context.IsSet("seccomp-errno") {
+		seccompErrno := context.String("seccomp-errno")
 		errnoArgs := strings.Split(seccompErrno, ",")
-		err = g.SetSyscallActions("errno", errnoArgs)
+		err := g.SetSyscallActions("errno", errnoArgs)
 		if err != nil {
 			return err
 		}
 	}
 
-	if seccompTrap != "" {
+	if context.IsSet("seccomp-trap") {
+		seccompTrap := context.String("seccomp-trap")
 		trapArgs := strings.Split(seccompTrap, ",")
-		err = g.SetSyscallActions("trap", trapArgs)
+		err := g.SetSyscallActions("trap", trapArgs)
 		if err != nil {
 			return err
 		}
 	}
 
-	if seccompAllow != "" {
+	if context.IsSet("seccomp-allow") {
+		seccompAllow := context.String("seccomp-allow")
 		allowArgs := strings.Split(seccompAllow, ",")
-		err = g.SetSyscallActions("allow", allowArgs)
+		err := g.SetSyscallActions("allow", allowArgs)
 		if err != nil {
 			return err
 		}

generate/generate.go

@@ -143,7 +143,6 @@ func New() Generator {
 					Type: "mount",
 				},
 			},
-			Seccomp: &rspec.Seccomp{},
 			Devices: []rspec.Device{},
 		},
 	}
@@ -866,21 +865,25 @@ func (g *Generator) RemoveLinuxNamespace(ns string) error {
 func strPtr(s string) *string { return &s }
 
 // SetSyscallActions adds rules for syscalls with the specified action
-func (g Generator) SetSyscallActions(action string, arguments []string) error {
+func (g *Generator) SetSyscallActions(action string, arguments []string) error {
+	g.initSpecLinuxSeccomp()
 	return seccomp.ParseSyscallFlag(action, arguments, g.spec.Linux.Seccomp)
 }
 
 // SetDefaultSeccompAction sets the default action for all syscalls not defined
-func (g Generator) SetDefaultSeccompAction(action string) error {
+func (g *Generator) SetDefaultSeccompAction(action string) error {
+	g.initSpecLinuxSeccomp()
 	return seccomp.ParseDefaultAction(action, g.spec.Linux.Seccomp)
 }
 
 // SetSeccompArchitectures sets the supported seccomp architectures
-func (g Generator) SetSeccompArchitectures(architectures []string) error {
+func (g *Generator) SetSeccompArchitectures(architectures []string) error {
+	g.initSpecLinuxSeccomp()
 	return seccomp.ParseArchitectureFlag(architectures, g.spec.Linux.Seccomp)
 }
 
 // RemoveSeccompRule removes rules for any specified syscalls
-func (g Generator) RemoveSeccompRule(arguments string) error {
+func (g *Generator) RemoveSeccompRule(arguments string) error {
+	g.initSpecLinuxSeccomp()
 	return seccomp.RemoveAction(arguments, g.spec.Linux.Seccomp)
 }