author | Daniel J Walsh <dwalsh@redhat.com> | 2018-02-15 12:23:36 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-02-24 09:15:47 +0000 |
commit | 831dc488833e055dce1f1ba4c09f09346c85b67d (patch) | |
tree | 1bb780fafbe1bd32a85ce32e19a9d4f562669797 /cmd/podman/spec.go | |
parent | 1d9539337b7140f4631812a24f07a11540523c61 (diff) | |
Add support for --no-new-privs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #369
Approved by: rhatdan
Diffstat (limited to 'cmd/podman/spec.go')
-rw-r--r-- | cmd/podman/spec.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index 2c2005399..d535383ba 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -259,7 +259,7 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
  }
 
  // SECURITY OPTS
- g.SetProcessNoNewPrivileges(config.NoNewPrivileges)
+ g.SetProcessNoNewPrivileges(config.NoNewPrivs)
  g.SetProcessApparmorProfile(config.ApparmorProfile)
  g.SetProcessSelinuxLabel(config.ProcessLabel)
  g.SetLinuxMountLabel(config.MountLabel)
@@ -665,6 +665,7 @@ func (c *createConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
  }
 
  options = append(options, libpod.WithPrivileged(c.Privileged))
+ options = append(options, libpod.WithNoNewPrivs(c.NoNewPrivs))
  return options, nil
 }
 
|
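Review bot: The same `NoNewPrivs` value now feeds two sinks, the OCI process spec under `// SECURITY OPTS` in `createConfigToOCISpec` and the libpod option appended in `GetContainerCreateOptions`, and neither place says which one the runtime enforces or that they must stay in step. A one-line comment above the new append would help the next reader, for example `// Must match the value written to the OCI spec in createConfigToOCISpec.` The option is appended unconditionally, so an unset field passes `false` and the hardening is presumably opt-in; the flag parsing is outside this diffstat, so that default cannot be confirmed from here. A test asserting that the flag reaches both the generated spec and the create options would catch a later field rename that updates only one of the two call sites. Both function bodies start and end outside their hunks.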