summaryrefslogtreecommitdiff
path: root/vendor/github.com/projectatomic/buildah/run.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/projectatomic/buildah/run.go')
-rw-r--r--vendor/github.com/projectatomic/buildah/run.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 12560de3c..2ce5add39 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -868,9 +868,11 @@ func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, opti
g.AddProcessAdditionalGid(gid)
}
- // Remove capabilities if not running as root
+ // Remove capabilities if not running as root except Bounding set
if user.UID != 0 {
+ bounding := g.Config.Process.Capabilities.Bounding
g.ClearProcessCapabilities()
+ g.Config.Process.Capabilities.Bounding = bounding
}
return nil
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-17 03:48:33 +0000