seccomp: allow specifying a custom profile with --privileged

`--privileged --security-opt seccomp=<CUSTOM.json>` was ignoring `<CUSTOM.json>`. Fix issue 47499 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2026-01-11 18:51:37 +00:00 · 2024-03-05 23:37:29 +09:00
parent 22c212d208
commit 896de6d426
3 changed files with 63 additions and 5 deletions
--- a/daemon/seccomp_linux.go
+++ b/daemon/seccomp_linux.go
@@ -22,7 +22,11 @@ func WithSeccomp(daemon *Daemon, c *container.Container) coci.SpecOpts {
 			return nil
 		}
 		if c.HostConfig.Privileged {
-			return nil
+			var err error
+			if c.SeccompProfile != "" {
+				s.Linux.Seccomp, err = seccomp.LoadProfile(c.SeccompProfile, s)
+			}
+			return err
 		}
 		if !daemon.RawSysInfo().Seccomp {
 			if c.SeccompProfile != "" && c.SeccompProfile != dconfig.SeccompProfileDefault {