
Simplify seccomp logic

Signed-off-by: Paulo Gomes <pjbgf@linux.com>
Paulo Gomes 4 år sedan
förälder
incheckning
a8e7115fca
1 ändrade filer med 13 tillägg och 28 borttagningar
  1. 13 28
      daemon/seccomp_linux.go

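--- a/daemon/seccomp_linux.go
+++ b/daemon/seccomp_linux.go
@@ -10,7 +10,6 @@ import (
 	coci "github.com/containerd/containerd/oci"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/profiles/seccomp"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -19,43 +18,29 @@ const supportsSeccomp = true
 // WithSeccomp sets the seccomp profile
 func WithSeccomp(daemon *Daemon, c *container.Container) coci.SpecOpts {
 	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
-		var profile *specs.LinuxSeccomp
-		var err error
-
+		if c.SeccompProfile == "unconfined" {
+			return nil
+		}
 		if c.HostConfig.Privileged {
 			return nil
 		}
-
 		if !daemon.seccompEnabled {
-			if c.SeccompProfile != "" && c.SeccompProfile != "unconfined" {
+			if c.SeccompProfile != "" {
 				return fmt.Errorf("seccomp is not enabled in your kernel, cannot run a custom seccomp profile")
 			}
 			logrus.Warn("seccomp is not enabled in your kernel, running container without default profile")
 			c.SeccompProfile = "unconfined"
-		}
-		if c.SeccompProfile == "unconfined" {
 			return nil
 		}
-		if c.SeccompProfile != "" {
-			profile, err = seccomp.LoadProfile(c.SeccompProfile, s)
-			if err != nil {
-				return err
-			}
-		} else {
-			if daemon.seccompProfile != nil {
-				profile, err = seccomp.LoadProfile(string(daemon.seccompProfile), s)
-				if err != nil {
-					return err
-				}
-			} else {
-				profile, err = seccomp.GetDefaultProfile(s)
-				if err != nil {
-					return err
-				}
-			}
+		var err error
+		switch {
+		case c.SeccompProfile != "":
+			s.Linux.Seccomp, err = seccomp.LoadProfile(c.SeccompProfile, s)
+		case daemon.seccompProfile != nil:
+			s.Linux.Seccomp, err = seccomp.LoadProfile(string(daemon.seccompProfile), s)
+		default:
+			s.Linux.Seccomp, err = seccomp.GetDefaultProfile(s)
 		}
-
-		s.Linux.Seccomp = profile
-		return nil
+		return err
 	}
 }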
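Review bot: The `!daemon.seccompEnabled` branch still fails open for a daemon-wide profile: it returns an error only when the container itself set a profile (`if c.SeccompProfile != ""`), so when `daemon.seccompProfile` is configured but the kernel lacks seccomp, the operator's profile is silently dropped and the container runs unconfined after a warning. If that is not intended, the guard should read `if c.SeccompProfile != "" || daemon.seccompProfile != nil {` with the error text widened to cover the daemon profile. The same branch writes `c.SeccompProfile = "unconfined"` back into the container from inside the SpecOpts closure, a side effect carried over from the old code that deserves a why-comment since it persists on the container object — presumably deliberate, but nothing says so. The new `switch` also encodes a precedence order the one-line doc comment does not state; I would extend it to `// WithSeccomp sets the seccomp profile: a per-container profile wins over the daemon-wide profile, which wins over the built-in default; privileged and "unconfined" containers get none.`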