cri,nri: pass any linux security profile to plugins.

klihub · mikebrow · commit c22cf5d49819 · 2025-12-17T15:03:51.000-06:00
Signed-off-by: Krisztian Litkey &lt;krisztian.litkey@intel.com&gt;
diff --git a/internal/cri/nri/nri_api_linux.go b/internal/cri/nri/nri_api_linux.go
@@ -900,6 +900,22 @@ func (c *criContainer) GetRdt() *api.LinuxRdt {
 	}
 }
 
+func (c *criContainer) GetSeccompProfile() *api.SecurityProfile {
+	if c == nil || c.meta == nil || c.meta.Config == nil {
+		return nil
+	}
+
+	profile := c.meta.Config.GetLinux().GetSecurityContext().GetSeccomp()
+	if profile == nil {
+		return nil
+	}
+
+	return &api.SecurityProfile{
+		ProfileType:  api.SecurityProfile_ProfileType(profile.GetProfileType()),
+		LocalhostRef: profile.GetLocalhostRef(),
+	}
+}
+
 func (c *criContainer) GetPid() uint32 {
 	return c.pid
 }
diff --git a/internal/nri/container.go b/internal/nri/container.go
@@ -49,6 +49,7 @@ type LinuxContainer interface {
 	GetScheduler() *nri.LinuxScheduler
 	GetNetDevices() map[string]*nri.LinuxNetDevice
 	GetRdt() *nri.LinuxRdt
+	GetSeccompProfile() *nri.SecurityProfile
 }
 
 func commonContainerToNRI(ctr Container) *nri.Container {
diff --git a/internal/nri/container_linux.go b/internal/nri/container_linux.go
@@ -26,15 +26,16 @@ func containerToNRI(ctr Container) *nri.Container {
 	nriCtr := commonContainerToNRI(ctr)
 	lnxCtr := ctr.GetLinuxContainer()
 	nriCtr.Linux = &nri.LinuxContainer{
-		Namespaces:  lnxCtr.GetLinuxNamespaces(),
-		Devices:     lnxCtr.GetLinuxDevices(),
-		Resources:   lnxCtr.GetLinuxResources(),
-		OomScoreAdj: nri.Int(lnxCtr.GetOOMScoreAdj()),
-		CgroupsPath: lnxCtr.GetCgroupsPath(),
-		IoPriority:  lnxCtr.GetIOPriority(),
-		Scheduler:   lnxCtr.GetScheduler(),
-		NetDevices:  lnxCtr.GetNetDevices(),
-		Rdt:         lnxCtr.GetRdt(),
+		Namespaces:     lnxCtr.GetLinuxNamespaces(),
+		Devices:        lnxCtr.GetLinuxDevices(),
+		Resources:      lnxCtr.GetLinuxResources(),
+		OomScoreAdj:    nri.Int(lnxCtr.GetOOMScoreAdj()),
+		CgroupsPath:    lnxCtr.GetCgroupsPath(),
+		IoPriority:     lnxCtr.GetIOPriority(),
+		Scheduler:      lnxCtr.GetScheduler(),
+		NetDevices:     lnxCtr.GetNetDevices(),
+		Rdt:            lnxCtr.GetRdt(),
+		SeccompProfile: lnxCtr.GetSeccompProfile(),
 	}
 	return nriCtr
 }

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ type LinuxContainer interface {`
`49`	`49`	`GetScheduler() *nri.LinuxScheduler`
`50`	`50`	`GetNetDevices() map[string]*nri.LinuxNetDevice`
`51`	`51`	`GetRdt() *nri.LinuxRdt`
	`52`	`+ GetSeccompProfile() *nri.SecurityProfile`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`func commonContainerToNRI(ctr Container) *nri.Container {`