From 1ace9e3ba618bc21ea41957f1bc60509b56a0a95 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 9 Dec 2020 14:13:53 -0500 Subject: Properly handle --cap-add all when running with a --user flag Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies podman run --user bin --cap-add all fedora echo hello Signed-off-by: Daniel J Walsh --- pkg/specgen/generate/security.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg/specgen') diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go index dee140282..56947ff24 100644 --- a/pkg/specgen/generate/security.go +++ b/pkg/specgen/generate/security.go @@ -141,7 +141,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, configSpec.Process.Capabilities.Effective = caplist configSpec.Process.Capabilities.Permitted = caplist } else { - userCaps, err := capabilities.NormalizeCapabilities(s.CapAdd) + userCaps, err := capabilities.MergeCapabilities(nil, s.CapAdd, nil) if err != nil { return errors.Wrapf(err, "capabilities requested by user are not valid: %q", strings.Join(s.CapAdd, ",")) } -- cgit v1.2.3-54-g00ecf