Missing default seccomp profile?

[bduffany]

When running podman run --rm --privileged mgoltzsche/podman:4.9.4 podman system info | grep seccompProfile the output is

    seccompProfilePath: ""

but with the official (?) podman image podman run --rm --privileged podman:latest podman system info | grep seccompProfile the output is

    seccompProfilePath: /usr/share/containers/seccomp.json

Does this mean there is no seccomp profile in effect? I read through the podman source code and I couldn't find a hard-coded default so I think it might be relying on this file to exist (might be worth double-checking my reading of the code though!)

[bduffany]

nvm, I think the logic here is loading a hard-coded default: https://github.com/containers/podman/blob/036fb1849b90bed53b9b870e1c44da72c64fe81e/pkg/specgen/generate/config_linux_seccomp.go#L59

Missed this on the first pass. Sorry for the noise!

[mgoltzsche]

Hi @bduffany, thanks for finding that difference between the official podman image and this one.
For convenience and parity I am inclined to add the seccomp.json file to this image...

[bduffany]

Seems reasonable to me, I will go ahead and re-open the issue