Skip to content

Commit

Permalink
Remove seccomp information temporarily
Browse files Browse the repository at this point in the history
Signed-off-by: Kotaro Inoue <k.musaino@gmail.com>
  • Loading branch information
musaprg committed Sep 22, 2024
1 parent bb28d50 commit e28d8ac
Showing 1 changed file with 3 additions and 51 deletions.
54 changes: 3 additions & 51 deletions crates/youki/src/commands/features.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,8 @@ use caps::{all, CapSet};
use libcontainer::oci_spec::runtime::version;
use liboci_cli::Features;
use oci_spec::runtime::{
ApparmorBuilder, Arch, CgroupBuilder, FeaturesBuilder, IDMapBuilder, IntelRdtBuilder,
LinuxFeatureBuilder, LinuxNamespaceType, LinuxSeccompAction, MountExtensionsBuilder,
SeccompBuilder, SelinuxBuilder,
ApparmorBuilder, CgroupBuilder, FeaturesBuilder, IDMapBuilder, IntelRdtBuilder,
LinuxFeatureBuilder, LinuxNamespaceType, MountExtensionsBuilder, SelinuxBuilder,
};

// Function to query and return capabilities
Expand Down Expand Up @@ -148,53 +147,6 @@ pub fn features(_: Features) -> Result<()> {
}
};

let seccomp = SeccompBuilder::default()
.enabled(true)
.actions(vec![
LinuxSeccompAction::ScmpActKill,
LinuxSeccompAction::ScmpActKillThread,
LinuxSeccompAction::ScmpActKillProcess,
LinuxSeccompAction::ScmpActTrap,
LinuxSeccompAction::ScmpActErrno,
LinuxSeccompAction::ScmpActNotify,
LinuxSeccompAction::ScmpActTrace,
LinuxSeccompAction::ScmpActLog,
LinuxSeccompAction::ScmpActAllow,
])
.operators(vec![
String::from("SCMP_CMP_EQ"),
String::from("SCMP_CMP_GE"),
String::from("SCMP_CMP_GT"),
String::from("SCMP_CMP_LE"),
String::from("SCMP_CMP_LT"),
String::from("SCMP_CMP_MASKED_EQ"),
String::from("SCMP_CMP_NE"),
])
.archs(vec![
Arch::ScmpArchNative,
Arch::ScmpArchAarch64,
Arch::ScmpArchArm,
Arch::ScmpArchMips,
Arch::ScmpArchMips64,
Arch::ScmpArchMips64n32,
Arch::ScmpArchMipsel,
Arch::ScmpArchMipsel64,
Arch::ScmpArchMipsel64n32,
Arch::ScmpArchPpc,
Arch::ScmpArchPpc64,
Arch::ScmpArchPpc64le,
Arch::ScmpArchRiscv64,
Arch::ScmpArchS390,
Arch::ScmpArchS390x,
Arch::ScmpArchX32,
Arch::ScmpArchX86,
Arch::ScmpArchX86_64,
])
.known_flags(vec![])
.supported_flags(vec![])
.build()
.unwrap();

let linux = LinuxFeatureBuilder::default()
.namespaces(namespaces)
.capabilities(capabilities)
Expand All @@ -209,7 +161,7 @@ pub fn features(_: Features) -> Result<()> {
.build()
.unwrap(),
)
.seccomp(seccomp)
// TODO: Expose seccomp support information
.apparmor(ApparmorBuilder::default().enabled(true).build().unwrap())
.mount_extensions(
MountExtensionsBuilder::default()
Expand Down

0 comments on commit e28d8ac

Please sign in to comment.