From 831dc488833e055dce1f1ba4c09f09346c85b67d Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 15 Feb 2018 12:23:36 -0500
Subject: Add support for --no-new-privs

Signed-off-by: Daniel J Walsh

Closes: #369
Approved by: rhatdan
---
 cmd/podman/create.go | 4 ++--
 cmd/podman/spec.go | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 810a5e3ed..46429b335 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -128,7 +128,7 @@ type createConfig struct {
 	WorkDir string //workdir
 	MountLabel string //SecurityOpts
 	ProcessLabel string //SecurityOpts
-	NoNewPrivileges bool //SecurityOpts
+	NoNewPrivs bool //SecurityOpts
 	ApparmorProfile string //SecurityOpts
 	SeccompProfilePath string //SecurityOpts
 	SecurityOpts []string
@@ -252,7 +252,7 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error {
 
 	for _, opt := range securityOpts {
 		if opt == "no-new-privileges" {
-			config.NoNewPrivileges = true
+			config.NoNewPrivs = true
 		} else {
 			con := strings.SplitN(opt, "=", 2)
 			if len(con) != 2 {
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index 2c2005399..d535383ba 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -259,7 +259,7 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 	}
 
 	// SECURITY OPTS
-	g.SetProcessNoNewPrivileges(config.NoNewPrivileges)
+	g.SetProcessNoNewPrivileges(config.NoNewPrivs)
 	g.SetProcessApparmorProfile(config.ApparmorProfile)
 	g.SetProcessSelinuxLabel(config.ProcessLabel)
 	g.SetLinuxMountLabel(config.MountLabel)
@@ -665,6 +665,7 @@ func (c *createConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
 	}
 
 	options = append(options, libpod.WithPrivileged(c.Privileged))
+	options = append(options, libpod.WithNoNewPrivs(c.NoNewPrivs))
 
 	return options, nil
 }
-- 
cgit v1.2.3-54-g00ecf
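Review bot: In the `GetContainerCreateOptions` hunk of spec.go, the new `libpod.WithNoNewPrivs(c.NoNewPrivs)` carries the same value that `createConfigToOCISpec` already writes into the generated spec through `g.SetProcessNoNewPrivileges(config.NoNewPrivs)`, so the no-new-privileges decision now has two sources of truth and nothing on the hunk says which one libpod honours at container start. A comment on the appended line such as `// NoNewPrivs is also stamped on the OCI spec in createConfigToOCISpec; the two must stay in sync` would make that coupling explicit for the next reader. Separately, the subject names a `--no-new-privs` flag, but the only code path in this cmd-limited diff that sets `c.NoNewPrivs` is the `--security-opt no-new-privileges` branch in `parseSecurityOpt`; if the flag is declared elsewhere it presumably needs to feed the same field, otherwise the subject overstates what the change wires up. `GetContainerCreateOptions` begins before the hunk.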