zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2026-04-22 23:17:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Honor spec.Process.NoNewPrivileges in specconv.CreateLibcontainerConfig

Browse Source 
The change ensures that the passed in value of NoNewPrivileges under spec.Process
is reflected in the container config generated by specconv.CreateLibcontainerConfig

Closes #2397

Signed-off-by: Pradyumna Agrawal <pradyumnaa@vmware.com>
This commit is contained in:
Pradyumna Agrawal
2020-05-11 13:38:14 -07:00
parent 2c8d668eee
commit 4aa9101477
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libcontainer/specconv/spec_linux.go
+1
View File
@@ -260,6 +260,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
}
if spec.Process != nil {
config.OomScoreAdj = spec.Process.OOMScoreAdj
config.NoNewPrivileges = spec.Process.NoNewPrivileges
if spec.Process.SelinuxLabel != "" {
config.ProcessLabel = spec.Process.SelinuxLabel
}