From e28d8acf22928e3b12c64fcf18e6ba45777bffe2 Mon Sep 17 00:00:00 2001
From: Kotaro Inoue
Date: Mon, 23 Sep 2024 00:22:21 +0900
Subject: [PATCH] Remove seccomp information temporarily
Signed-off-by: Kotaro Inoue
---
 crates/youki/src/commands/features.rs | 54 ++-------------------------
 1 file changed, 3 insertions(+), 51 deletions(-)
diff --git a/crates/youki/src/commands/features.rs b/crates/youki/src/commands/features.rs
index d4c4a99694..cc4ddf0556 100644
--- a/crates/youki/src/commands/features.rs
+++ b/crates/youki/src/commands/features.rs
@@ -6,9 +6,8 @@ use caps::{all, CapSet};
 use libcontainer::oci_spec::runtime::version;
 use liboci_cli::Features;
 use oci_spec::runtime::{
- ApparmorBuilder, Arch, CgroupBuilder, FeaturesBuilder, IDMapBuilder, IntelRdtBuilder,
- LinuxFeatureBuilder, LinuxNamespaceType, LinuxSeccompAction, MountExtensionsBuilder,
- SeccompBuilder, SelinuxBuilder,
+ ApparmorBuilder, CgroupBuilder, FeaturesBuilder, IDMapBuilder, IntelRdtBuilder,
+ LinuxFeatureBuilder, LinuxNamespaceType, MountExtensionsBuilder, SelinuxBuilder,
 };
 // Function to query and return capabilities
@@ -148,53 +147,6 @@ pub fn features(_: Features) -> Result<()> {
 }
 };
- let seccomp = SeccompBuilder::default()
- .enabled(true)
- .actions(vec![
- LinuxSeccompAction::ScmpActKill,
- LinuxSeccompAction::ScmpActKillThread,
- LinuxSeccompAction::ScmpActKillProcess,
- LinuxSeccompAction::ScmpActTrap,
- LinuxSeccompAction::ScmpActErrno,
- LinuxSeccompAction::ScmpActNotify,
- LinuxSeccompAction::ScmpActTrace,
- LinuxSeccompAction::ScmpActLog,
- LinuxSeccompAction::ScmpActAllow,
- ])
- .operators(vec![
- String::from("SCMP_CMP_EQ"),
- String::from("SCMP_CMP_GE"),
- String::from("SCMP_CMP_GT"),
- String::from("SCMP_CMP_LE"),
- String::from("SCMP_CMP_LT"),
- String::from("SCMP_CMP_MASKED_EQ"),
- String::from("SCMP_CMP_NE"),
- ])
- .archs(vec![
- Arch::ScmpArchNative,
- Arch::ScmpArchAarch64,
- Arch::ScmpArchArm,
- Arch::ScmpArchMips,
- Arch::ScmpArchMips64,
- Arch::ScmpArchMips64n32,
- Arch::ScmpArchMipsel,
- Arch::ScmpArchMipsel64,
- Arch::ScmpArchMipsel64n32,
- Arch::ScmpArchPpc,
- Arch::ScmpArchPpc64,
- Arch::ScmpArchPpc64le,
- Arch::ScmpArchRiscv64,
- Arch::ScmpArchS390,
- Arch::ScmpArchS390x,
- Arch::ScmpArchX32,
- Arch::ScmpArchX86,
- Arch::ScmpArchX86_64,
- ])
- .known_flags(vec![])
- .supported_flags(vec![])
- .build()
- .unwrap();
-
 let linux = LinuxFeatureBuilder::default()
 .namespaces(namespaces)
 .capabilities(capabilities)
@@ -209,7 +161,7 @@ pub fn features(_: Features) -> Result<()> {
 .build()
 .unwrap(),
 )
- .seccomp(seccomp)
+ // TODO: Expose seccomp support information
 .apparmor(ApparmorBuilder::default().enabled(true).build().unwrap())
 .mount_extensions(
 MountExtensionsBuilder::default()
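Review bot: The replacement comment `// TODO: Expose seccomp support information` in the third hunk gives neither the reason the field was dropped nor the condition for restoring it, although the effect is security-relevant: the `LinuxFeatureBuilder` chain now builds without `.seccomp(...)`, so the features output no longer says whether seccomp filtering is available. As far as I read the OCI features format, an absent seccomp entry means unknown rather than supported, so a caller that checks this output before attaching a seccomp profile may skip the profile or refuse to start, depending on how it treats unknown; that consumer behaviour is inferred, not visible in the patch. Only the reporting changes in the lines shown; nothing here touches how filters are applied to containers. I would have the comment carry the reason and a tracking reference, for example `// TODO(<tracking-issue>): seccomp omitted from the features output because <reason>; consumers see it as unknown until this is restored.`; the builder chain starts and ends outside the hunk.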