From 920b66707ece354b8dbf00416b5a26abdee93a2f Mon Sep 17 00:00:00 2001
From: Matthew Heon <matthew.heon@gmail.com>
Date: Fri, 23 Feb 2018 15:02:21 -0500
Subject: Small fixes to container Exec

Fix an error message, and always set Privileged if the container
is also privileged.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
---
 libpod/container_api.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'libpod')

diff --git a/libpod/container_api.go b/libpod/container_api.go
index eeba36a44..9011454fa 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -213,6 +213,8 @@ func (c *Container) Kill(signal uint) error {
 }
 
 // Exec starts a new process inside the container
+// TODO allow specifying streams to attach to
+// TODO investigate allowing exec without attaching
 func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) error {
 	var capList []string
 
@@ -227,10 +229,11 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
 
 	conState := c.state.State
 
+	// TODO can probably relax this once we track exec sessions
 	if conState != ContainerStateRunning {
-		return errors.Errorf("cannot attach to container that is not running")
+		return errors.Errorf("cannot exec into container that is not running")
 	}
-	if privileged {
+	if privileged || c.config.Privileged {
 		capList = caps.GetAllCapabilities()
 	}
 	globalOpts := runcGlobalOptions{
-- 
cgit v1.2.3-54-g00ecf