diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_api.go | 3 | ||||
| -rw-r--r-- | libpod/options.go | 12 |
2 files changed, 2 insertions, 13 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go index f79be4ac7..eeba36a44 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -236,11 +236,12 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e globalOpts := runcGlobalOptions{ log: c.LogPath(), } + execOpts := runcExecOptions{ capAdd: capList, pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])), env: env, - noNewPrivs: c.config.NoNewPrivs, + noNewPrivs: c.config.Spec.Process.NoNewPrivileges, user: user, cwd: c.config.Spec.Process.Cwd, tty: tty, diff --git a/libpod/options.go b/libpod/options.go index 6982a26c2..56e8fa203 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -272,18 +272,6 @@ func WithPrivileged(privileged bool) CtrCreateOption { } } -// WithNoNewPrivs sets the noNewPrivs flag in the container runtime -func WithNoNewPrivs(noNewPrivs bool) CtrCreateOption { - return func(ctr *Container) error { - if ctr.valid { - return ErrCtrFinalized - } - - ctr.config.NoNewPrivs = noNewPrivs - return nil - } -} - // WithSELinuxLabels sets the mount label for SELinux func WithSELinuxLabels(processLabel, mountLabel string) CtrCreateOption { return func(ctr *Container) error { |