Add support for --no-new-privs

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
2025-05-21 00:56:36 +08:00 · 2018-02-15 12:23:36 -05:00
parent 1d9539337b
commit 831dc48883
5 changed files with 46 additions and 9 deletions
--- a/libpod/options.go
+++ b/libpod/options.go
@ -272,6 +272,18 @@ func WithPrivileged(privileged bool) CtrCreateOption {
 	}
 }

+// WithNoNewPrivs sets the noNewPrivs flag in the container runtime
+func WithNoNewPrivs(noNewPrivs bool) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return ErrCtrFinalized
+		}
+
+		ctr.config.NoNewPrivs = noNewPrivs
+		return nil
+	}
+}
+
 // WithSELinuxLabels sets the mount label for SELinux
 func WithSELinuxLabels(processLabel, mountLabel string) CtrCreateOption {
 	return func(ctr *Container) error {