Use containers/common for seccomp handling #2569
cc @cyphar
This change introduces the new dependency `containers/common`, which mainly contains the logic from libcontainer/seccomp. We're also now able to completely remove the internal `Seccomp` type and only rely on the runtime-spec. The only visible API is now internal only (see `internal/seccomp`). Signed-off-by: Sascha Grunert <sgrunert@suse.com>
| gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | ||
| gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= | ||
| honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= | ||
| honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= |
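Review bot: the go.sum churn needs an explanation in the PR before it can be reviewed as a dependency change. In the lines shown, gotest.tools v2.2.0 and honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc appear only as `/go.mod` checksums, which is what Go records for modules that are in the module graph but whose source is not hashed for the build. Please note in the description which new direct dependency brings these in (`go mod graph` or `go mod why -m <module>` will show the path), so the added transitive surface can be judged separately from the seccomp change itself.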
Not sure why so many changes in here... have you tried go mod tidy?
Yes, go mod tidy does not change anything inside go.sum.

LGTM overall, and kudos for using

This would probably need a rewrite given #2750.

I'm also slightly concerned about this PR because it's changing the serialisation format of the

Ah yeah so I guess we cannot remove the internal types in an easy way. I'm closing for now and will revisit later.

Yeah in the long-term we should work on removing the really ugly libcontainer serialisation but unfortunately for now it is needed and changing it has caused some /lovely/ bugs in the past.

This change introduces the new dependency `containers/common`, which mainly contains the logic from libcontainer/seccomp. We're also now able to completely remove the internal `Seccomp` type and only rely on the runtime-spec. The only visible API is now internal only (see `internal/seccomp`).

Fixes #2565

PTAL @rhatdan @mrunalp @AkihiroSuda @kolyshkin