Restrict container from acquiring additional privileges

[anshupande]

As per this PR: #20727
I tried testing docker run -it --rm --security-opt=no-new-privileges fedora bash but it fails: Error response from daemon: Invalid --security-opt: "no-new-privileges"

[cpuguy83]

@anshupande Please provide the output of docker info and docker version.

[anshupande]

core@ip-10-74-131-107 sandbox-ap-us-east-1a-control ~ $ docker info
Containers: 9
Images: 135
Server Version: 1.9.1
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.3.6-coreos
Operating System: CoreOS 899.17.0
CPUs: 1
Total Memory: 3.679 GiB
Name: ip-10-74-131-107.ec2.internal
ID: 3CEO:E2Q4:O7AX:BSGP:KPY5:WA7Q:XSYK:U4ME:7BHR:CBJO:XKX7:LAD6
Username: behanceutil
Registry: https://index.docker.io/v1/

Client:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.4.3
 Git commit:   9894698
 Built:  
 OS/Arch:      linux/amd64

Server:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.4.3
 Git commit:   9894698
 Built:  
 OS/Arch:      linux/amd64```

[justincormack]

This feature was not in docker 1.9, I think it was only added in 1.11.

[anshupande]

ok..thanks

[cpuguy83]

Yep, 1.11. Sorry :(