author | Matthew Heon <matthew.heon@pm.me> | 2020-06-22 16:08:09 -0400 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-06-24 14:37:35 -0400 |
commit | 0b4dcc7a36045f88c7bb6fde3884dd52f898e13f (patch) | |
tree | b210fa0638a9882ef373b664e9db9505b873d400 /pkg | |
parent | 7ea37dfe19f83982e886bce9ee8e23ab71e58286 (diff) | |
Fix conflicts between privileged and other flags
The `--privileged` flag does not conflict with `--group-add`
(this one was breaking Toolbox) and does not conflict with most
parts of `--security-opt` (this was breaking Openstack).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/specgen/container_validate.go | 4 | ||||
-rw-r--r-- | pkg/specgen/specgen.go | 1 |
2 files changed, 1 insertions, 4 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 45179343b..33bacecaf 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -61,10 +61,6 @@ func (s *SpecGenerator) Validate() error {
 //
 // ContainerSecurityConfig
 //
- // groups and privileged are exclusive
- if len(s.Groups) > 0 && s.Privileged {
- return exclusiveOptions("Groups", "privileged")
- }
 // capadd and privileged are exclusive
 if len(s.CapAdd) > 0 && s.Privileged {
 return exclusiveOptions("CapAdd", "privileged")
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index bb01a5d14..77b1353c4 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -207,6 +207,7 @@ type ContainerSecurityConfig struct {
 // - Adds all devices on the system to the container.
 // - Adds all capabilities to the container.
 // - Disables Seccomp, SELinux, and Apparmor confinement.
+ // (Though SELinux can be manually re-enabled).
 // TODO: this conflicts with things.
 // TODO: this does more.
 Privileged bool `json:"privileged,omitempty"` |
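Review bot: The parenthetical added to the `Privileged` doc comment in specgen.go, `// (Though SELinux can be manually re-enabled).`, does not say which setting re-enables SELinux, nor whether seccomp and AppArmor can be overridden the same way. A reader therefore still cannot tell from this comment what confinement a privileged container ends up with. Because this field removes most isolation, I would name the mechanism and the scope, along the lines of `// SELinux labelling can be re-enabled explicitly via the label options; seccomp and AppArmor remain disabled unless stated otherwise.`, with the second half confirmed against the implementation. The `// TODO: this conflicts with things.` line that follows also looks partly stale, since this commit drops the Groups conflict from Validate(); listing the conflicts that remain (the container_validate.go hunk still shows CapAdd) would make it actionable. The struct body continues outside the hunk.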