From be217caa3856c76a6b997c203422715e13b0335a Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 7 Jun 2018 01:00:07 -0400
Subject: Vendor in latest buildah code
This will add --layers support. Also add missing information in man pages on podman build features.
Signed-off-by: Daniel J Walsh
Closes: #938
Approved by: umohnani8
---
 vendor/github.com/projectatomic/buildah/run.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
(limited to 'vendor/github.com/projectatomic/buildah/run.go')
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 436c2ea2e..9d7fb8d7d 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -393,7 +393,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, optionMounts
 // Add temporary copies of the contents of volume locations at the
 // volume locations, unless we already have something there.
- copyWithTar := b.copyWithTar(nil)
+ copyWithTar := b.copyWithTar(nil, nil)
 builtins, err := runSetupBuiltinVolumes(b.MountLabel, mountPoint, cdir, copyWithTar, builtinVolumes)
 if err != nil {
 return err
@@ -534,7 +534,7 @@ func runSetupVolumeMounts(mountLabel string, volumeMounts []string, optionMounts
 // addNetworkConfig copies files from host and sets them up to bind mount into container
 func (b *Builder) addNetworkConfig(rdir, hostPath string) (string, error) {
- copyFileWithTar := b.copyFileWithTar(nil)
+ copyFileWithTar := b.copyFileWithTar(nil, nil)
 cfile := filepath.Join(rdir, filepath.Base(hostPath))
@@ -809,6 +809,15 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 // Now grab the spec from the generator. Set the generator to nil so that future contributors
 // will quickly be able to tell that they're supposed to be modifying the spec directly from here.
 spec := g.Spec()
+
+ //Remove capabilities if not running as root
+ if user.UID != 0 {
+ var caplist []string
+ spec.Process.Capabilities.Permitted = caplist
+ spec.Process.Capabilities.Inheritable = caplist
+ spec.Process.Capabilities.Effective = caplist
+ spec.Process.Capabilities.Ambient = caplist
+ }
 g = nil
 if spec.Process.Cwd == "" {
 spec.Process.Cwd = DefaultWorkingDir
--
cgit v1.2.3-54-g00ecf
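Review bot: The new non-root branch in Run clears the Permitted, Inheritable, Effective and Ambient sets but leaves `spec.Process.Capabilities.Bounding` as the generator produced it, so a command started with a non-zero UID can still acquire capabilities by executing a setuid-root binary or a file with file capabilities in the rootfs. If non-root commands are meant to run with no privileges at all, also set `spec.Process.Capabilities.Bounding = caplist`; if the bounding set is kept on purpose (for example so setuid helpers keep working), say so in the comment above the `if`. The block also dereferences `spec.Process.Capabilities` without a nil check, and whether the generator always populates it is not visible here, so `if user.UID != 0 && spec.Process.Capabilities != nil {` would be the safer guard. Run's body starts and ends outside the hunk, and because this file is vendored the change belongs upstream in buildah rather than in this tree.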