authorDaniel J Walsh <dwalsh@redhat.com>2018-02-15 12:23:36 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-02-24 09:15:47 +0000
commit831dc488833e055dce1f1ba4c09f09346c85b67d (patch)
tree1bb780fafbe1bd32a85ce32e19a9d4f562669797 /libpod/options.go
parent1d9539337b7140f4631812a24f07a11540523c61 (diff)
Add support for --no-new-privs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
Diffstat (limited to 'libpod/options.go')
-rw-r--r--libpod/options.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/libpod/options.go b/libpod/options.go
index 56e8fa203..6982a26c2 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -272,6 +272,18 @@ func WithPrivileged(privileged bool) CtrCreateOption {
}
}
+// WithNoNewPrivs sets the noNewPrivs flag in the container runtime
+func WithNoNewPrivs(noNewPrivs bool) CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return ErrCtrFinalized
+ }
+
+ ctr.config.NoNewPrivs = noNewPrivs
+ return nil
+ }
+}
+
// WithSELinuxLabels sets the mount label for SELinux
func WithSELinuxLabels(processLabel, mountLabel string) CtrCreateOption {
return func(ctr *Container) error {
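Review bot: The doc comment on `WithNoNewPrivs` says the flag is set "in the container runtime", but the added body only stores the value in `ctr.config.NoNewPrivs`. This view is limited to libpod/options.go, so it does not show where that field becomes the runtime's no-new-privileges setting; that wiring should be confirmed in the rest of the commit. I would reword the comment to give the security meaning and the precondition, e.g. `// WithNoNewPrivs records whether the container's processes are barred from gaining privileges across execve (setuid/setgid bits, file capabilities).` followed by `// It must be applied before the container is finalized; otherwise ErrCtrFinalized is returned.` If the config field is a plain bool that nothing else initializes, a caller that omits this option gets a container without the restriction, and the comment should say so.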