From 1cd529b22d40205c1f3246ed49f07e3615cf8292 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 1 Apr 2022 10:15:08 +0200
Subject: specgen: permit --privileged and --cap-add

--cap-add is useful when running a privileged container with UID != 0,
so that individual capabilities can be added to the container process.

Closes: https://github.com/containers/podman/issues/13449

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/specgen/container_validate.go | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'pkg/specgen')

diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index e71eafb75..42b70e334 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -83,10 +83,6 @@ func (s *SpecGenerator) Validate() error {
 	//
 	// ContainerSecurityConfig
 	//
-	// capadd and privileged are exclusive
-	if len(s.CapAdd) > 0 && s.Privileged {
-		return exclusiveOptions("CapAdd", "privileged")
-	}
 	// userns and idmappings conflict
 	if s.UserNS.IsPrivate() && s.IDMappings == nil {
 		return errors.Wrap(ErrInvalidSpecConfig, "IDMappings are required when not creating a User namespace")