add default seccomp profile as json

profile is created by go generate

Signed-off-by: Jessica Frazelle <acidburn@docker.com>

profiles/seccomp/generate.go

@@ -0,0 +1,35 @@
+// +build ignore
+
+package main
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/docker/profiles/seccomp"
+)
+
+// saves the default seccomp profile as a json file so people can use it as a
+// base for their own custom profiles
+func main() {
+	wd, err := os.Getwd()
+	if err != nil {
+		panic(err)
+	}
+	f := filepath.Join(wd, "default.json")
+
+	// get the default profile
+	p := seccomp.GetDefaultProfile()
+
+	// write the default profile to the file
+	b, err := json.MarshalIndent(p, "", "\t")
+	if err != nil {
+		panic(err)
+	}
+
+	if err := ioutil.WriteFile(f, b, 0755); err != nil {
+		panic(err)
+	}
+}

profiles/seccomp/seccomp.go

@@ -11,9 +11,11 @@ import (
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 )
 
+//go:generate go run -tags 'seccomp' generate.go
+
 // GetDefaultProfile returns the default seccomp profile.
 func GetDefaultProfile() *configs.Seccomp {
-	return defaultSeccompProfile
+	return defaultProfile
 }
 
 // LoadProfile takes a file path a decodes the seccomp profile.

profiles/seccomp/seccomp_default.go

@@ -33,7 +33,8 @@ func arches() []string {
 	}
 }
 
-var defaultSeccompProfile = &configs.Seccomp{
+// defaultProfile defines the whitelist for the default seccomp profile.
+var defaultProfile = &configs.Seccomp{
 	DefaultAction: configs.Errno,
 	Architectures: arches(),
 	Syscalls: []*configs.Syscall{

profiles/seccomp/seccomp_unsupported.go

@@ -5,5 +5,6 @@ package seccomp
 import "github.com/opencontainers/runc/libcontainer/configs"
 
 var (
-	defaultSeccompProfile *configs.Seccomp
+	// defaultProfile is a nil pointer on unsupported systems.
+	defaultProfile *configs.Seccomp
 )