author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-06-23 00:18:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-23 00:18:52 +0200 |
commit | 22a7d60f18a60bda02b40b5f2489014ba5f1c651 (patch) | |
tree | 38c9a13282752014ebd9386c82c0dbc7e1b15b17 | |
parent | 22942e392df57d0ae5cc8ebdd27d060e43206d62 (diff) | |
parent | 13cfdb0742ebf7fbf2d90e82e527a5386d030ab8 (diff) | |
Merge pull request #6715 from mheon/fix_security_exclusive
Fix conflicts between privileged and other flags
-rw-r--r-- | cmd/podman/containers/create.go | 4 | ||||
-rw-r--r-- | pkg/specgen/container_validate.go | 4 | ||||
-rw-r--r-- | pkg/specgen/specgen.go | 1 |
3 files changed, 1 insertions, 8 deletions
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 6269ec781..45ce00c86 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -156,10 +156,6 @@ func replaceContainer(name string) error {
 }
 
 func createInit(c *cobra.Command) error {
- if c.Flag("privileged").Changed && c.Flag("security-opt").Changed {
- logrus.Warn("setting security options with --privileged has no effect")
- }
-
 if c.Flag("shm-size").Changed {
 cliVals.ShmSize = c.Flag("shm-size").Value.String()
 }
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 45179343b..33bacecaf 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -61,10 +61,6 @@ func (s *SpecGenerator) Validate() error {
 //
 // ContainerSecurityConfig
 //
- // groups and privileged are exclusive
- if len(s.Groups) > 0 && s.Privileged {
- return exclusiveOptions("Groups", "privileged")
- }
 // capadd and privileged are exclusive
 if len(s.CapAdd) > 0 && s.Privileged {
 return exclusiveOptions("CapAdd", "privileged")
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index bb01a5d14..77b1353c4 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -207,6 +207,7 @@ type ContainerSecurityConfig struct {
 // - Adds all devices on the system to the container.
 // - Adds all capabilities to the container.
 // - Disables Seccomp, SELinux, and Apparmor confinement.
+ // (Though SELinux can be manually re-enabled).
 // TODO: this conflicts with things.
 // TODO: this does more.
 Privileged bool `json:"privileged,omitempty"` |
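Review bot: The parenthetical added to the `Privileged` doc comment in pkg/specgen/specgen.go says SELinux can be re-enabled but not how, and the `TODO: this conflicts with things` line beneath it now understates the change: this commit drops the Groups/privileged exclusion in `Validate()` while the CapAdd/privileged one visibly stays. Since the `createInit` warning about `--security-opt` having no effect is also removed, this comment is the only place in the diff that tells a reader how much confinement a privileged container keeps. I would name the mechanism, e.g. `// (SELinux confinement can be re-enabled explicitly; presumably through the label security options, confirm.)`, and replace the vague TODO with `// Mutually exclusive with CapAdd (enforced in Validate).` plus any other exclusions that remain outside this hunk. The struct definition starts and ends outside the hunk, so other fields that interact with `Privileged` are not visible here.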