From a3b9dd89a1b19e7f84617b91f3756ae816c11035 Mon Sep 17 00:00:00 2001
From: Yong Tang
Date: Fri, 8 Jul 2016 15:54:48 -0700
Subject: [PATCH] Fix seccomp output in `docker info`

This fix tries to address the issue raised in #24374 where `docker info` outputs seccomp support in Ubuntu 14.04 but the seccomp wass not actually supported. The issue is that in the current docker implementation, seccomp support is only checked against the kernel by inspect CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER. However, seccomp might not be enabled when building docker (through golang build flag). This fix adds a supportSeccomp boolean variable. The supportSeccomp is only set to true when seccomp is enabled when building docker. This fix fixes #24374.

Signed-off-by: Yong Tang
---
 daemon/info.go | 2 +-
 daemon/seccomp_disabled.go | 4 +++-
 daemon/seccomp_linux.go | 2 ++
 daemon/seccomp_unsupported.go | 5 +++++
 4 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 daemon/seccomp_unsupported.go

diff --git a/daemon/info.go b/daemon/info.go
index 2ef4545575..81a554cc71 100644
--- a/daemon/info.go
+++ b/daemon/info.go
@@ -71,7 +71,7 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 if sysInfo.AppArmor {
 securityOptions = append(securityOptions, "apparmor")
 }
- if sysInfo.Seccomp {
+ if sysInfo.Seccomp && supportsSeccomp {
 securityOptions = append(securityOptions, "seccomp")
 }
 if selinuxEnabled() {
diff --git a/daemon/seccomp_disabled.go b/daemon/seccomp_disabled.go
index 8f13f5606d..4ad1b7c53f 100644
--- a/daemon/seccomp_disabled.go
+++ b/daemon/seccomp_disabled.go
@@ -1,4 +1,4 @@
-// +build !seccomp,!windows
+// +build linux,!seccomp

 package daemon
 
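Review bot: In daemon/info.go the new condition in SystemInfo combines a runtime kernel probe (`sysInfo.Seccomp`) with a build-time flag (`supportsSeccomp`), and nothing at the `if` says which is which. A comment above it would help, e.g. `// sysInfo.Seccomp is the kernel check; supportsSeccomp is false when the daemon was built without the seccomp build tag.` Operators read the `securityOptions` list to judge whether a seccomp profile is being applied, so the distinction is worth recording where the list is built. SystemInfo's body starts and ends outside the hunk.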
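Review bot: In daemon/seccomp_disabled.go the build constraint changes from `!seccomp,!windows` to `linux,!seccomp`, so this file's `setSeccomp` stub is no longer compiled on non-Linux, non-Windows targets, while the new daemon/seccomp_unsupported.go (`!linux`) declares only `supportsSeccomp`. If any caller of `setSeccomp` is built for those targets, the daemon will stop compiling there. The callers are not visible in this patch, so this should be confirmed with a cross-build, or the stub moved into seccomp_unsupported.go.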
@@ -9,6 +9,8 @@ import (
 "github.com/opencontainers/specs/specs-go"
 )
 
+var supportsSeccomp = false
+
 func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
 if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
 return fmt.Errorf("seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile")
diff --git a/daemon/seccomp_linux.go b/daemon/seccomp_linux.go
index 34ffcb5975..e9622787ee 100644
--- a/daemon/seccomp_linux.go
+++ b/daemon/seccomp_linux.go
@@ -11,6 +11,8 @@ import (
 "github.com/opencontainers/specs/specs-go"
 )
 
+var supportsSeccomp = true
+
 func setSeccomp(daemon *Daemon, rs *specs.Spec, c *container.Container) error {
 var profile *specs.Seccomp
 var err error
diff --git a/daemon/seccomp_unsupported.go b/daemon/seccomp_unsupported.go
new file mode 100644
index 0000000000..b3691e96af
--- /dev/null
+++ b/daemon/seccomp_unsupported.go
@@ -0,0 +1,5 @@
+// +build !linux
+
+package daemon
+
+var supportsSeccomp = false
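Review bot: `supportsSeccomp` is declared as a package-level `var` in daemon/seccomp_disabled.go and again in daemon/seccomp_linux.go and daemon/seccomp_unsupported.go, although its value is fixed by the build constraints and it feeds the security options that `docker info` reports. Declaring it as `const supportsSeccomp = false` (and `= true` in seccomp_linux.go) prevents any code in the package from reassigning it at run time. A one-line comment such as `// supportsSeccomp reports whether this binary was built with the seccomp build tag.` would document it in each file. Separately, the visible part of `setSeccomp` in seccomp_disabled.go rejects only custom profiles, which suggests (the rest of the body is outside the hunk) that containers using the default profile start without a filter on such builds; that is worth stating in a comment there.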