diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-04-01 09:25:26 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-01 09:25:26 -0400 |
commit | 59fcf0e39d91e00d8385ffda3a09c32a1464c117 (patch) | |
tree | 2bad250c3c7e36ef6f6c3609b559f7286459eec9 | |
parent | d1f3a2d6a82ed66d4dab5be62821bc59bfb84dd8 (diff) | |
parent | 1cd529b22d40205c1f3246ed49f07e3615cf8292 (diff) | |
download | podman-59fcf0e39d91e00d8385ffda3a09c32a1464c117.tar.gz podman-59fcf0e39d91e00d8385ffda3a09c32a1464c117.tar.bz2 podman-59fcf0e39d91e00d8385ffda3a09c32a1464c117.zip |
Merge pull request #13744 from giuseppe/allow-privileged-cap-add
specgen: permit --privileged and --cap-add
-rw-r--r-- | pkg/specgen/container_validate.go | 4 | ||||
-rw-r--r-- | test/e2e/run_test.go | 5 |
2 files changed, 5 insertions, 4 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index e71eafb75..42b70e334 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -83,10 +83,6 @@ func (s *SpecGenerator) Validate() error { // // ContainerSecurityConfig // - // capadd and privileged are exclusive - if len(s.CapAdd) > 0 && s.Privileged { - return exclusiveOptions("CapAdd", "privileged") - } // userns and idmappings conflict if s.UserNS.IsPrivate() && s.IDMappings == nil { return errors.Wrap(ErrInvalidSpecConfig, "IDMappings are required when not creating a User namespace") diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 1a93296b7..a1d04ddee 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -535,6 +535,11 @@ var _ = Describe("Podman run", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(ContainSubstring("0000000000000000")) + session = podmanTest.Podman([]string{"run", "--user=1:1", "--cap-add=DAC_OVERRIDE", "--rm", ALPINE, "grep", "CapEff", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(ContainSubstring("0000000000000002")) + if os.Geteuid() > 0 { if os.Getenv("SKIP_USERNS") != "" { Skip("Skip userns tests.") |