From 7ddc18348f79fb6a93ad87f6fd3c6370b5d0bfc7 Mon Sep 17 00:00:00 2001
From: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Date: Sun, 19 Mar 2023 03:07:10 +0100
Subject: [PATCH] Only grant privileged to plugins (#1646)

Closes https://github.com/woodpecker-ci/woodpecker/issues/1525

Co-authored-by: Anbraten <anton@ju60.de>
---
 pipeline/frontend/yaml/compiler/convert.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go
index 37d899e01..144fd827e 100644
--- a/pipeline/frontend/yaml/compiler/convert.go
+++ b/pipeline/frontend/yaml/compiler/convert.go
@@ -84,7 +84,7 @@ func (c *Compiler) createProcess(name string, container *yaml.Container, section
 		}
 	}
 
-	if matchImage(container.Image, c.escalated...) {
+	if matchImage(container.Image, c.escalated...) && container.IsPlugin() {
 		privileged = true
 	}