From 52578c09988cc05f08c5cf65bc79ddc5fa6657a3 Mon Sep 17 00:00:00 2001 From: Rafael Buchbinder Date: Fri, 17 Jan 2025 13:11:28 +0200 Subject: [PATCH] Properly handle "builtin" seccomp profile Like in CLI [1] the "builtin" seccomp profile should be handled the same as "unconfined". [1] https://github.com/docker/cli/blob/f4a68da19595d64c50b0bbc2b1f15e645943ed82/cli/command/container/opts.go#L929 Signed-off-by: Rafael Buchbinder --- pkg/compose/create.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/compose/create.go b/pkg/compose/create.go index d01fc3823..cce98010b 100644 --- a/pkg/compose/create.go +++ b/pkg/compose/create.go @@ -486,7 +486,7 @@ func parseSecurityOpts(p *types.Project, securityOpts []string) ([]string, bool, return securityOpts, false, fmt.Errorf("Invalid security-opt: %q", opt) } } - if con[0] == "seccomp" && con[1] != "unconfined" { + if con[0] == "seccomp" && con[1] != "unconfined" && con[1] != "builtin" { f, err := os.ReadFile(p.RelativePath(con[1])) if err != nil { return securityOpts, false, fmt.Errorf("opening seccomp profile (%s) failed: %w", con[1], err)