From 82f9d5921bb31ad6065706985105c59a35883e82 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 3 Aug 2021 16:46:18 +0200 Subject: [PATCH] info: skip client-side warning about seccomp profile on API >= 1.42 This warning will be moved to the daemon-side, similar to how it returns other warnings. There's work in progress to change the name of the default profile, so we may need to backport this change to prevent existing clients from printing an incorrect warning if they're connecting to a newer daemon. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 8964595692766444fb84445931889677af5f55eb) Signed-off-by: Sebastiaan van Stijn --- cli/command/system/info.go | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/cli/command/system/info.go b/cli/command/system/info.go index c19946d09e..6c4dc01d9c 100644 --- a/cli/command/system/info.go +++ b/cli/command/system/info.go @@ -14,6 +14,7 @@ import ( "github.com/docker/cli/templates" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/swarm" + "github.com/docker/docker/api/types/versions" "github.com/docker/go-units" "github.com/spf13/cobra" ) @@ -211,9 +212,6 @@ func prettyPrintServerInfo(dockerCli command.Cli, info types.Info) []error { for _, o := range so.Options { switch o.Key { case "profile": - if o.Value != "default" { - fmt.Fprintln(dockerCli.Err(), " WARNING: You're not using the default seccomp profile") - } fmt.Fprintln(dockerCli.Out(), " Profile:", o.Value) } } @@ -378,6 +376,9 @@ func printSwarmInfo(dockerCli command.Cli, info types.Info) { } func printServerWarnings(dockerCli command.Cli, info types.Info) { + if versions.LessThan(dockerCli.Client().ClientVersion(), "1.42") { + printSecurityOptionsWarnings(dockerCli, info) + } if len(info.Warnings) > 0 { fmt.Fprintln(dockerCli.Err(), strings.Join(info.Warnings, "\n")) return @@ -387,6 +388,29 @@ func printServerWarnings(dockerCli command.Cli, info types.Info) { printServerWarningsLegacy(dockerCli, info) } +// printSecurityOptionsWarnings prints warnings based on the security options +// returned by the daemon. +// DEPRECATED: warnings are now generated by the daemon, and returned in +// info.Warnings. This function is used to provide backward compatibility with +// daemons that do not provide these warnings. No new warnings should be added +// here. +func printSecurityOptionsWarnings(dockerCli command.Cli, info types.Info) { + if info.OSType == "windows" { + return + } + kvs, _ := types.DecodeSecurityOptions(info.SecurityOptions) + for _, so := range kvs { + if so.Name != "seccomp" { + continue + } + for _, o := range so.Options { + if o.Key == "profile" && o.Value != "default" && o.Value != "builtin" { + _, _ = fmt.Fprintln(dockerCli.Err(), "WARNING: You're not using the default seccomp profile") + } + } + } +} + // printServerWarningsLegacy generates warnings based on information returned by the daemon. // DEPRECATED: warnings are now generated by the daemon, and returned in // info.Warnings. This function is used to provide backward compatibility with