From 8322e5091ecf2152d76a7eb6f82610424bbb4424 Mon Sep 17 00:00:00 2001
From: Pengfei Ni <feiskyer@gmail.com>
Date: Sat, 19 Nov 2016 08:35:13 +0800
Subject: [PATCH] CRI: address knows issues of seccomp

---
 pkg/kubelet/api/v1alpha1/runtime/api.pb.go | 3 ++-
 pkg/kubelet/api/v1alpha1/runtime/api.proto | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/kubelet/api/v1alpha1/runtime/api.pb.go b/pkg/kubelet/api/v1alpha1/runtime/api.pb.go
index 7acf0447d8..ec3d90b5b9 100644
--- a/pkg/kubelet/api/v1alpha1/runtime/api.pb.go
+++ b/pkg/kubelet/api/v1alpha1/runtime/api.pb.go
@@ -665,7 +665,8 @@ type PodSandboxConfig struct {
 	//      * runtime/default: the default profile for the container runtime
 	//      * unconfined: unconfined profile, ie, no seccomp sandboxing
 	//      * localhost/<profile-name>: the profile installed to the node's
-	//        local seccomp profile root
+	//        local seccomp profile root. Note that profile root is set in
+	//        kubelet, and it is not passed in CRI yet, see https://issues.k8s.io/36997.
 	//
 	// 3. Sysctls
 	//
diff --git a/pkg/kubelet/api/v1alpha1/runtime/api.proto b/pkg/kubelet/api/v1alpha1/runtime/api.proto
index de10e4c29f..7df26e32ec 100644
--- a/pkg/kubelet/api/v1alpha1/runtime/api.proto
+++ b/pkg/kubelet/api/v1alpha1/runtime/api.proto
@@ -255,7 +255,8 @@ message PodSandboxConfig {
     //      * runtime/default: the default profile for the container runtime
     //      * unconfined: unconfined profile, ie, no seccomp sandboxing
     //      * localhost/<profile-name>: the profile installed to the node's
-    //        local seccomp profile root
+    //        local seccomp profile root. Note that profile root is set in
+    //        kubelet, and it is not passed in CRI yet, see https://issues.k8s.io/36997.
     //
     // 3. Sysctls
     //