Docker compose not working with seccomp file and replicas together

[XiangRongLin]

Description
Docker compose does not work with a seccomp file AND replicas toghether.
It fails with an error message stating an invalid seccomp filename

Steps to reproduce the issue:

1. Use this docker-compose.yaml and seccomp.json file from here. Important bit being a replica count above 1 and using a seccomp file
2. Create an empty .env file
3. run docker compose up -d

Describe the results you received:
This error gist which states that the content of the seccomp.json file is used as the filename

Describe the results you expected:
Both containers start succesfully

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker compose version:

Docker Compose version v2.3.3

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.0)
  compose: Docker Compose (Docker Inc., v2.3.3)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 18
  Running: 0
  Paused: 0
  Stopped: 18
 Images: 41
 Server Version: 20.10.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2a1d4dbdb2a1030dc5b01e96fb110a9d9f150ecc
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.19.128-microsoft-standard
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 12.43GiB
 Name: docker-desktop
 ID: SZYV:GGTU:6OFD:WBYC:UQMX:K3QG:KOLK:4VNS:HXKO:SAJX:AN6O:HISJ
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

My analysis:
Note: I never worked with GO, but I was able to debug the application and verified the behavior below

compose/pkg/compose/create.go

Line 354 in a603e27

securityOpts, err := parseSecurityOpts(p, service.SecurityOpt)

here the service.SecurityOpt is passed into parseSecurityOpts. In that function the values of service.SecurityOpt are overwritten [here] with the content of the file

compose/pkg/compose/create.go

Line 414 in a603e27

securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())

.
And it seems that GO passes a reference to the array to the function, meaning that that change also occured for all caller functions.
Because my docker-compose file is using replicas, the second time the function gets called, the function gets called with service.SecurityOpt containing the content of the file instead of the filename itself.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[XiangRongLin]

This bug is still present. My PR was closed with the note that it needs to cleaned up upstream. This has still not happened yet.
docker/cli#3616

[stale]

This issue has been automatically marked as not stale anymore due to the recent activity.

[stale]

This issue has been automatically marked as not stale anymore due to the recent activity.