Properly handle --cap-add all when running with a --user flag

Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies podman run --user bin --cap-add all fedora echo hello Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
author: Daniel J Walsh <dwalsh@redhat.com> 2020-12-09 14:13:53 -0500
committer: Daniel J Walsh <dwalsh@redhat.com> 2020-12-09 14:21:16 -0500
commit: 1ace9e3ba618bc21ea41957f1bc60509b56a0a95 (patch)
tree: 81bbeb66be96499e9689c428dd5212d167280be2 /pkg/specgen
parent: 9abbe0728c5050914168a154622087a4dacd4dfe (diff)
download: podman-1ace9e3ba618bc21ea41957f1bc60509b56a0a95.tar.gz
podman-1ace9e3ba618bc21ea41957f1bc60509b56a0a95.tar.bz2
podman-1ace9e3ba618bc21ea41957f1bc60509b56a0a95.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index dee140282..56947ff24 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -141,7 +141,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
 		configSpec.Process.Capabilities.Effective = caplist
 		configSpec.Process.Capabilities.Permitted = caplist
 	} else {
-		userCaps, err := capabilities.NormalizeCapabilities(s.CapAdd)
+		userCaps, err := capabilities.MergeCapabilities(nil, s.CapAdd, nil)
 		if err != nil {
 			return errors.Wrapf(err, "capabilities requested by user are not valid: %q", strings.Join(s.CapAdd, ","))
 		}
author	Daniel J Walsh <dwalsh@redhat.com>	2020-12-09 14:13:53 -0500
committer	Daniel J Walsh <dwalsh@redhat.com>	2020-12-09 14:21:16 -0500
commit	1ace9e3ba618bc21ea41957f1bc60509b56a0a95 (patch)
tree	81bbeb66be96499e9689c428dd5212d167280be2 /pkg/specgen
parent	9abbe0728c5050914168a154622087a4dacd4dfe (diff)
download	podman-1ace9e3ba618bc21ea41957f1bc60509b56a0a95.tar.gz podman-1ace9e3ba618bc21ea41957f1bc60509b56a0a95.tar.bz2 podman-1ace9e3ba618bc21ea41957f1bc60509b56a0a95.zip