Allow new privileges in container

Signed-off-by: Kohei Tokunaga <[email protected]>
x-alebrijecircus-dvcs · Jan 31, 2024 · e70405a · e70405a
1 parent 16ea78f
commit e70405a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/cmd/create-spec/main.go b/cmd/create-spec/main.go
@@ -323,7 +323,8 @@ func generateSpec(config spec.Image, rootfs string) (_ *specs.Spec, err error) {
 		ctdoci.WithHostNamespace(specs.NetworkNamespace),
 		ctdoci.WithoutRunMount,
 		ctdoci.WithEnv(ic.Env),
-		ctdoci.WithTTY, // TODO: make it configurable
+		ctdoci.WithTTY,           // TODO: make it configurable
+		ctdoci.WithNewPrivileges, // TODO: make it configurable
 	)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate spec: %w", err)