opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-19 12:56:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support for --no-new-privs

Browse Source 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #369
Approved by: rhatdan
This commit is contained in:
Daniel J Walsh
2018-02-15 12:23:36 -05:00
committed by Atomic Bot
parent 1d9539337b
commit 831dc48883
5 changed files with 46 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libpod/container_api.go
View File

@ -237,12 +237,13 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
log: c.LogPath(),
}
execOpts := runcExecOptions{
capAdd: capList,
pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])),
env: env,
user: user,
cwd: c.config.Spec.Process.Cwd,
tty: tty,
capAdd: capList,
pidFile: filepath.Join(c.state.RunDir, fmt.Sprintf("%s-execpid", stringid.GenerateNonCryptoID()[:12])),
env: env,
noNewPrivs: c.config.NoNewPrivs,
user: user,
cwd: c.config.Spec.Process.Cwd,
tty: tty,
}
return c.runtime.ociRuntime.execContainer(c, cmd, globalOpts, execOpts)