author | Daniel J Walsh <dwalsh@redhat.com> | 2018-06-07 01:00:07 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-13 12:49:32 +0000 |
commit | be217caa3856c76a6b997c203422715e13b0335a (patch) | |
tree | 49190e0813ba860ccc74d017ccf12562e009c6bc /vendor/github.com/projectatomic/buildah/run.go | |
parent | 95ea3d4f3a77d014fdd1be43411ba96a85091712 (diff) | |
Vendor in latest buildah code
This will add --layers support.
Also add missing information in man pages on podman build features.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #938
Approved by: umohnani8
Diffstat (limited to 'vendor/github.com/projectatomic/buildah/run.go')
-rw-r--r-- | vendor/github.com/projectatomic/buildah/run.go | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 436c2ea2e..9d7fb8d7d 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -393,7 +393,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, optionMounts
 // Add temporary copies of the contents of volume locations at the
 // volume locations, unless we already have something there.
- copyWithTar := b.copyWithTar(nil)
+ copyWithTar := b.copyWithTar(nil, nil)
 builtins, err := runSetupBuiltinVolumes(b.MountLabel, mountPoint, cdir, copyWithTar, builtinVolumes)
 if err != nil {
 return err
@@ -534,7 +534,7 @@ func runSetupVolumeMounts(mountLabel string, volumeMounts []string, optionMounts
 // addNetworkConfig copies files from host and sets them up to bind mount into container
 func (b *Builder) addNetworkConfig(rdir, hostPath string) (string, error) {
- copyFileWithTar := b.copyFileWithTar(nil)
+ copyFileWithTar := b.copyFileWithTar(nil, nil)
 cfile := filepath.Join(rdir, filepath.Base(hostPath))
@@ -809,6 +809,15 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 // Now grab the spec from the generator. Set the generator to nil so that future contributors
 // will quickly be able to tell that they're supposed to be modifying the spec directly from here.
 spec := g.Spec()
+
+ //Remove capabilities if not running as root
+ if user.UID != 0 {
+ var caplist []string
+ spec.Process.Capabilities.Permitted = caplist
+ spec.Process.Capabilities.Inheritable = caplist
+ spec.Process.Capabilities.Effective = caplist
+ spec.Process.Capabilities.Ambient = caplist
+ }
 g = nil
 if spec.Process.Cwd == "" {
 spec.Process.Cwd = DefaultWorkingDir |