Hook up the support to the OCI specification config

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-02-16 03:55:53 -08:00 · 2016-02-16 03:55:53 -08:00 · af400b90c3
parent 38b39645d9
commit af400b90c3
1 changed files with 2 additions and 0 deletions
--- a/spec.go
+++ b/spec.go
@ -140,6 +140,7 @@ var specCommand = cli.Command{
 						Soft: uint64(1024),
 					},
 				},
+				NoNewPrivileges: true,
 			},
 		}

@ -300,6 +301,7 @@ func createLibcontainerConfig(cgroupName string, spec *specs.LinuxSpec) (*config
 	config.Sysctl = spec.Linux.Sysctl
 	config.ProcessLabel = spec.Linux.SelinuxProcessLabel
 	config.AppArmorProfile = spec.Linux.ApparmorProfile
+	config.NoNewPrivileges = spec.Linux.NoNewPrivileges
 	for _, g := range spec.Process.User.AdditionalGids {
 		config.AdditionalGroups = append(config.AdditionalGroups, strconv.FormatUint(uint64(g), 10))
 	}