burble/nomad-driver-containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into security_fixes

Browse Source
This commit is contained in:
Shishir 2021-12-09 12:37:02 -08:00 committed by GitHub
commit 38d7d98b17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
containerd/containerd.go
View File

@ -149,7 +149,7 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
// Enable privileged mode. // Enable privileged mode.
if config.Privileged { if config.Privileged {
opts = append(opts, oci.WithPrivileged) opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices, oci.WithNewPrivileges)
} }
// WithPidsLimit sets the container's pid limit or maximum // WithPidsLimit sets the container's pid limit or maximum

2
tests/004-test-privileged.sh
View File

@ -41,7 +41,7 @@ test_privileged_nomad_job() {
# depending on the execution environment. # depending on the execution environment.
expected_capabilities="37" expected_capabilities="37"
if [[ "$GITHUB_ACTIONS" == "true" ]]; then if [[ "$GITHUB_ACTIONS" == "true" ]]; then
expected_capabilities="39" expected_capabilities="40"
fi fi
actual_capabilities=$(nomad alloc exec -job privileged capsh --print|grep -i bounding|cut -d '=' -f 2|awk '{split($0,a,","); print a[length(a)]}') actual_capabilities=$(nomad alloc exec -job privileged capsh --print|grep -i bounding|cut -d '=' -f 2|awk '{split($0,a,","); print a[length(a)]}')