From 7849e3efc80411cd0f763535be2eba0a28a729a4 Mon Sep 17 00:00:00 2001 From: Michal Sieron Date: Wed, 16 Oct 2024 17:42:13 +0200 Subject: [PATCH 1/2] Re-allow building without seccomp installed I think #3300 regressed #218 by unconditionally compiling with seccomp enabled. #6488 fixed this for non-linux and non-cgo build platforms, but the issue still exists when one uses a cgo-enabled Linux build host but still wants to build without seccomp. In such case build ends quickly with pkg-config error: `Package 'libseccomp' not found`. This patch makes internal/config/seccomp respect the seccomp buildtag. Signed-off-by: Michal Sieron --- internal/config/seccomp/notifier.go | 4 ++-- internal/config/seccomp/seccomp.go | 4 ++-- internal/config/seccomp/seccomp_unsupported.go | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/config/seccomp/notifier.go b/internal/config/seccomp/notifier.go index e6b8a1c9c50..f1a0aaff02e 100644 --- a/internal/config/seccomp/notifier.go +++ b/internal/config/seccomp/notifier.go @@ -1,5 +1,5 @@ -//go:build linux && cgo -// +build linux,cgo +//go:build seccomp && linux && cgo +// +build seccomp,linux,cgo package seccomp diff --git a/internal/config/seccomp/seccomp.go b/internal/config/seccomp/seccomp.go index ed8f607d7b6..85ce5ae5047 100644 --- a/internal/config/seccomp/seccomp.go +++ b/internal/config/seccomp/seccomp.go @@ -1,5 +1,5 @@ -//go:build linux && cgo -// +build linux,cgo +//go:build seccomp && linux && cgo +// +build seccomp,linux,cgo package seccomp diff --git a/internal/config/seccomp/seccomp_unsupported.go b/internal/config/seccomp/seccomp_unsupported.go index 6f5e64768ab..7c6502c1ef7 100644 --- a/internal/config/seccomp/seccomp_unsupported.go +++ b/internal/config/seccomp/seccomp_unsupported.go @@ -1,5 +1,5 @@ -//go:build !(linux && cgo) -// +build !linux !cgo +//go:build !(seccomp && linux && cgo) +// +build !seccomp !linux !cgo package seccomp From a271b4a79f0d178b1d158555dc94970f13b45938 Mon Sep 17 00:00:00 2001 From: Michal Sieron Date: Wed, 16 Oct 2024 20:47:47 +0200 Subject: [PATCH 2/2] seccomp_unsupported.go: Fix lint issues Added missing dots at the end of comments and ran through gofumpt. Signed-off-by: Michal Sieron --- internal/config/seccomp/seccomp_unsupported.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/internal/config/seccomp/seccomp_unsupported.go b/internal/config/seccomp/seccomp_unsupported.go index 7c6502c1ef7..b019387a2ad 100644 --- a/internal/config/seccomp/seccomp_unsupported.go +++ b/internal/config/seccomp/seccomp_unsupported.go @@ -12,20 +12,18 @@ import ( types "k8s.io/cri-api/pkg/apis/runtime/v1" ) -// Config is the global seccomp configuration type +// Config is the global seccomp configuration type. type Config struct { enabled bool } // Notifier wraps a seccomp notifier instance for a container. -type Notifier struct { -} +type Notifier struct{} // Notification is a seccomp notification which gets sent to the CRI-O server. -type Notification struct { -} +type Notification struct{} -// New creates a new default seccomp configuration instance +// New creates a new default seccomp configuration instance. func New() *Config { return &Config{ enabled: false, @@ -110,10 +108,11 @@ func (c *Config) IsDisabled() bool { return true } -// Profile returns the currently loaded seccomp profile +// Profile returns the currently loaded seccomp profile. func (c *Config) Profile() *seccomp.Seccomp { return nil } + func DefaultProfile() *seccomp.Seccomp { return nil }