From 009c4bc8d133cb4209590c5991aeae1e5172fe59 Mon Sep 17 00:00:00 2001
From: tkinaba <tiago.inaba@gmail.com>
Date: Fri, 29 May 2026 14:51:44 -0300
Subject: [PATCH] =?UTF-8?q?fix:=20adicionar=20op=C3=A7=C3=A3o=20de=20segur?=
 =?UTF-8?q?an=C3=A7a=20para=20compatibilidade?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

deu pau pra rodar no vdm
---
 internal/tui/docker.go | 28 ++++++++++++++++++----------
 internal/tui/model.go  |  7 +++++++
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/internal/tui/docker.go b/internal/tui/docker.go
index cfc2d31..409455a 100644
--- a/internal/tui/docker.go
+++ b/internal/tui/docker.go
@@ -75,8 +75,8 @@ func RunWireguardDockerContainer(envFilePath string, cv ConfigValues) error {
 		return fmt.Errorf("erro ao resolver caminho absoluto: %w", err)
 	}
 
-	cmd := exec.Command(
-		"docker", "run", "-it", "-d",
+	args := []string{
+		"run", "-it", "-d",
 		"--name", containerName,
 		"--network", networkName,
 		"--restart", "unless-stopped",
@@ -85,8 +85,12 @@ func RunWireguardDockerContainer(envFilePath string, cv ConfigValues) error {
 		"--log-opt", "max-size=5m",
 		"--log-opt", "max-file=1",
 		"--env-file", absPath,
-		wireguardImageName,
-	)
+	}
+	if cv.Server["seccomp_unconfined"] == "Sim" {
+		args = append(args, "--security-opt", "seccomp=unconfined")
+	}
+	args = append(args, wireguardImageName)
+	cmd := exec.Command("docker", args...)
 
 	out, err := cmd.CombinedOutput()
 	if err != nil {
@@ -116,17 +120,21 @@ func RunAppClienteContainer(image, containerName, configPath, configDestinationP
 	}
 	uidGid := fmt.Sprintf("%s:%s", currentUser.Uid, currentUser.Gid)
 
-	cmd := exec.Command(
-		"docker", "run", "-d",
+	args := []string{
+		"run", "-d",
 		"-u", uidGid,
 		"-p", fmt.Sprintf("%s:8080", cv.Server["port"]),
 		"--name", containerName,
 		"--network", "app-dono_app",
 		"--restart", "unless-stopped",
-		"-v", fmt.Sprintf("%s:%s", absPath, configDestinationPath), // Config mapping
-		"-v", fmt.Sprintf("%s:/app/certs", cv.Cert["cert_dir_path"]), // Certs mapping
-		image,
-	)
+		"-v", fmt.Sprintf("%s:%s", absPath, configDestinationPath),
+		"-v", fmt.Sprintf("%s:/app/certs", cv.Cert["cert_dir_path"]),
+	}
+	if cv.Server["seccomp_unconfined"] == "Sim" {
+		args = append(args, "--security-opt", "seccomp=unconfined")
+	}
+	args = append(args, image)
+	cmd := exec.Command("docker", args...)
 
 	out, err := cmd.CombinedOutput()
 	if err != nil {
diff --git a/internal/tui/model.go b/internal/tui/model.go
index 9ee78a0..fe393c8 100644
--- a/internal/tui/model.go
+++ b/internal/tui/model.go
@@ -193,6 +193,13 @@ func InitialModel() Model {
 				Type:    FieldTypeSelect,
 				Options: []string{"development", "production"},
 			},
+			{
+				Id:      "seccomp_unconfined",
+				Label:   "Modo Compatibilidade (máquinas antigas)",
+				Default: "Não",
+				Type:    FieldTypeSelect,
+				Options: []string{"Não", "Sim"},
+			},
 		}),
 		dbForm: NewFormStep("Banco de Dados", []FormField{
 			{