genpolicy: Add support for seccompProfile field

Signed-off-by: Saul Paredes <[email protected]>

src/agent/samples/policy/yaml/configmap/pod-cm1.yaml

@@ -22,6 +22,8 @@ spec:
       image: "mcr.microsoft.com/aks/e2e/library-busybox:master.220314.1-linux-amd64"
       securityContext:
         privileged: true
+        seccompProfile:
+          type: RuntimeDefault
       env:
         - name: CONFIG_MAP_VALUE1
           valueFrom:

src/tools/genpolicy/src/pod.rs

@@ -279,6 +279,17 @@ struct SecurityContext {
 
     #[serde(skip_serializing_if = "Option::is_none")]
     runAsUser: Option<i64>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    seccompProfile: Option<SeccompProfile>,
+}
+
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct SeccompProfile {
+    #[serde(rename = "type")]
+    profile_type: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    localhostProfile: Option<String>,
 }
 
 /// See Reference / Kubernetes API / Workload Resources / Pod.
@@ -939,6 +950,7 @@ pub async fn add_pause_container(containers: &mut Vec<Container>, use_cache: boo
             privileged: None,
             capabilities: None,
             runAsUser: None,
+            seccompProfile: None,
         }),
         ..Default::default()
     };