authorDaniel J Walsh <dwalsh@redhat.com>2018-02-15 12:23:36 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-02-24 09:15:47 +0000
commit831dc488833e055dce1f1ba4c09f09346c85b67d (patch)
tree1bb780fafbe1bd32a85ce32e19a9d4f562669797 /libpod/container_api.go
parent1d9539337b7140f4631812a24f07a11540523c61 (diff)
Add support for --no-new-privs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
Diffstat (limited to 'libpod/container_api.go')
-rw-r--r--libpod/container_api.go13
1 files changed, 7 insertions, 6 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 2dfb166ec..f79be4ac7 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -237,12 +237,13 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
log: c.LogPath(),
}
execOpts := runcExecOptions{
- capAdd: capList,
- pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])),
- env: env,
- user: user,
- cwd: c.config.Spec.Process.Cwd,
- tty: tty,
+ capAdd: capList,
+ pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])),
+ env: env,
+ noNewPrivs: c.config.NoNewPrivs,
+ user: user,
+ cwd: c.config.Spec.Process.Cwd,
+ tty: tty,
}
return c.runtime.ociRuntime.execContainer(c, cmd, globalOpts, execOpts)
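Review bot: The added `noNewPrivs: c.config.NoNewPrivs` field in `execOpts` carries a security property but has no comment saying why an exec session needs it forwarded, or that it is applied regardless of the `privileged` argument in the signature. An exec session is a new process started by the OCI runtime, so it presumably only runs with no_new_privs if this option reaches the runtime; a comment above the field such as `// Forward the container's no-new-privileges setting so exec sessions cannot gain privileges via setuid/setgid binaries; applies even when privileged is true.` would record that intent. How `execContainer` consumes `noNewPrivs` is outside this hunk, so it is worth confirming there that a true value is actually translated into the runtime's flag, and adding a test that execs into a container created with `--no-new-privs` and checks the `NoNewPrivs` field in `/proc/self/status`. The body of `Exec` starts before this hunk.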