Small fixes to container Exec

Fix an error message, and always set Privileged if the container is also privileged. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
2025-08-06 03:19:52 +08:00 · 2018-02-23 15:02:21 -05:00
parent 11091041c2
commit 920b66707e
1 changed files with 5 additions and 2 deletions
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@ -213,6 +213,8 @@ func (c *Container) Kill(signal uint) error {
 }

 // Exec starts a new process inside the container
+// TODO allow specifying streams to attach to
+// TODO investigate allowing exec without attaching
 func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) error {
 	var capList []string

@ -227,10 +229,11 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e

 	conState := c.state.State

+	// TODO can probably relax this once we track exec sessions
 	if conState != ContainerStateRunning {
-		return errors.Errorf("cannot attach to container that is not running")
+		return errors.Errorf("cannot exec into container that is not running")
 	}
-	if privileged {
+	if privileged || c.config.Privileged {
 		capList = caps.GetAllCapabilities()
 	}
 	globalOpts := runcGlobalOptions{