Add no-new-privileg flag

The daemon config for defaulting to no-new-privileges for containers was
added in d7fda019bb7e24f42f8ae1ddecb3fd52df3c48bf, but somehow we
managed to omit the flag itself, but also documented the flag.
This just adds the actual flag.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/cmd/dockerd/config_unix.go b/cmd/dockerd/config_unix.go
index d79f0b5c9a..8e741aa904 100644
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go
@@ -46,6 +46,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 	flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
 	flags.StringVar(&conf.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
 	flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
+	flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
 
 	attachExperimentalFlags(conf, flags)
 }