authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-06-23 00:18:52 +0200
committerGitHub <noreply@github.com>2020-06-23 00:18:52 +0200
commit22a7d60f18a60bda02b40b5f2489014ba5f1c651 (patch)
tree38c9a13282752014ebd9386c82c0dbc7e1b15b17
parent22942e392df57d0ae5cc8ebdd27d060e43206d62 (diff)
parent13cfdb0742ebf7fbf2d90e82e527a5386d030ab8 (diff)
Merge pull request #6715 from mheon/fix_security_exclusive
Fix conflicts between privileged and other flags
-rw-r--r--cmd/podman/containers/create.go4
-rw-r--r--pkg/specgen/container_validate.go4
-rw-r--r--pkg/specgen/specgen.go1
3 files changed, 1 insertions, 8 deletions
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 6269ec781..45ce00c86 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -156,10 +156,6 @@ func replaceContainer(name string) error {
}
func createInit(c *cobra.Command) error {
- if c.Flag("privileged").Changed && c.Flag("security-opt").Changed {
- logrus.Warn("setting security options with --privileged has no effect")
- }
-
if c.Flag("shm-size").Changed {
cliVals.ShmSize = c.Flag("shm-size").Value.String()
}
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 45179343b..33bacecaf 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -61,10 +61,6 @@ func (s *SpecGenerator) Validate() error {
//
// ContainerSecurityConfig
//
- // groups and privileged are exclusive
- if len(s.Groups) > 0 && s.Privileged {
- return exclusiveOptions("Groups", "privileged")
- }
// capadd and privileged are exclusive
if len(s.CapAdd) > 0 && s.Privileged {
return exclusiveOptions("CapAdd", "privileged")
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index bb01a5d14..77b1353c4 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -207,6 +207,7 @@ type ContainerSecurityConfig struct {
// - Adds all devices on the system to the container.
// - Adds all capabilities to the container.
// - Disables Seccomp, SELinux, and Apparmor confinement.
+ // (Though SELinux can be manually re-enabled).
// TODO: this conflicts with things.
// TODO: this does more.
Privileged bool `json:"privileged,omitempty"`
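Review bot: The added comment line on `Privileged` says SELinux can be re-enabled but does not name the setting that does it, and it leaves open whether Seccomp and Apparmor stay disabled under the same conditions. This commit also removes the CLI warning that security options have no effect with `--privileged`, so this doc comment is now the only statement of what a privileged container still enforces. I would name the mechanism, for example `// (SELinux confinement can be re-enabled by passing explicit label options, e.g. via --security-opt.)`, presumably the label options, which should be confirmed against the spec generation code. A second line should state whether Seccomp and Apparmor can be re-enabled the same way. The `TODO: this conflicts with things.` line could also list the conflicts that remain after this change, such as the `CapAdd` check still present in `Validate`. The struct definition continues outside the hunk.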