authorDaniel J Walsh <dwalsh@redhat.com>2018-02-15 12:23:36 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-02-24 09:15:47 +0000
commit831dc488833e055dce1f1ba4c09f09346c85b67d (patch)
tree1bb780fafbe1bd32a85ce32e19a9d4f562669797 /cmd/podman/spec.go
parent1d9539337b7140f4631812a24f07a11540523c61 (diff)
Add support for --no-new-privs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
Diffstat (limited to 'cmd/podman/spec.go')
-rw-r--r--cmd/podman/spec.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index 2c2005399..d535383ba 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -259,7 +259,7 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
}
// SECURITY OPTS
- g.SetProcessNoNewPrivileges(config.NoNewPrivileges)
+ g.SetProcessNoNewPrivileges(config.NoNewPrivs)
g.SetProcessApparmorProfile(config.ApparmorProfile)
g.SetProcessSelinuxLabel(config.ProcessLabel)
g.SetLinuxMountLabel(config.MountLabel)
@@ -665,6 +665,7 @@ func (c *createConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
}
options = append(options, libpod.WithPrivileged(c.Privileged))
+ options = append(options, libpod.WithNoNewPrivs(c.NoNewPrivs))
return options, nil
}
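Review bot: The no_new_privs setting now reaches the container through two separate paths with nothing tying them together: `g.SetProcessNoNewPrivileges(config.NoNewPrivs)` in createConfigToOCISpec (first hunk) and the added `libpod.WithNoNewPrivs(c.NoNewPrivs)` here. Both read the same field today, but a later edit to one site could leave the OCI spec and libpod's record disagreeing about whether the process may gain privileges on exec (setuid binaries, file capabilities). A comment on the added line would make the coupling explicit, e.g. `// Keep in sync with SetProcessNoNewPrivileges in createConfigToOCISpec; both must see the same value.` The option is also appended unconditionally right after `WithPrivileged`, so if combining a privileged container with no-new-privs is intended, that deserves a sentence too; what WithNoNewPrivs does with the value is not visible on this page. GetContainerCreateOptions starts outside the hunk.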