fix: adicionar opção de segurança para compatibilidade

deu pau pra rodar no vdm

internal/tui/docker.go

@@ -75,8 +75,8 @@ func RunWireguardDockerContainer(envFilePath string, cv ConfigValues) error {
 		return fmt.Errorf("erro ao resolver caminho absoluto: %w", err)
 	}
 
-	cmd := exec.Command(
-		"docker", "run", "-it", "-d",
+	args := []string{
+		"run", "-it", "-d",
 		"--name", containerName,
 		"--network", networkName,
 		"--restart", "unless-stopped",
@@ -85,8 +85,12 @@ func RunWireguardDockerContainer(envFilePath string, cv ConfigValues) error {
 		"--log-opt", "max-size=5m",
 		"--log-opt", "max-file=1",
 		"--env-file", absPath,
-		wireguardImageName,
-	)
+	}
+	if cv.Server["seccomp_unconfined"] == "Sim" {
+		args = append(args, "--security-opt", "seccomp=unconfined")
+	}
+	args = append(args, wireguardImageName)
+	cmd := exec.Command("docker", args...)
 
 	out, err := cmd.CombinedOutput()
 	if err != nil {
@@ -116,17 +120,21 @@ func RunAppClienteContainer(image, containerName, configPath, configDestinationP
 	}
 	uidGid := fmt.Sprintf("%s:%s", currentUser.Uid, currentUser.Gid)
 
-	cmd := exec.Command(
-		"docker", "run", "-d",
+	args := []string{
+		"run", "-d",
 		"-u", uidGid,
 		"-p", fmt.Sprintf("%s:8080", cv.Server["port"]),
 		"--name", containerName,
 		"--network", "app-dono_app",
 		"--restart", "unless-stopped",
-		"-v", fmt.Sprintf("%s:%s", absPath, configDestinationPath), // Config mapping
-		"-v", fmt.Sprintf("%s:/app/certs", cv.Cert["cert_dir_path"]), // Certs mapping
-		image,
-	)
+		"-v", fmt.Sprintf("%s:%s", absPath, configDestinationPath),
+		"-v", fmt.Sprintf("%s:/app/certs", cv.Cert["cert_dir_path"]),
+	}
+	if cv.Server["seccomp_unconfined"] == "Sim" {
+		args = append(args, "--security-opt", "seccomp=unconfined")
+	}
+	args = append(args, image)
+	cmd := exec.Command("docker", args...)
 
 	out, err := cmd.CombinedOutput()
 	if err != nil {