burble/nomad-driver-containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into security_fixes

Browse Source
This commit is contained in:
Shishir 2021-12-09 12:37:02 -08:00 committed by GitHub
commit 38d7d98b17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
containerd/containerd.go
View File

@ -149,7 +149,7 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
// Enable privileged mode.
if config.Privileged {
opts = append(opts, oci.WithPrivileged)
opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices, oci.WithNewPrivileges)
}
// WithPidsLimit sets the container's pid limit or maximum

2
tests/004-test-privileged.sh
View File

@ -41,7 +41,7 @@ test_privileged_nomad_job() {
# depending on the execution environment.
expected_capabilities="37"
if [[ "$GITHUB_ACTIONS" == "true" ]]; then
expected_capabilities="39"
expected_capabilities="40"
fi
actual_capabilities=$(nomad alloc exec -job privileged capsh --print|grep -i bounding|cut -d '=' -f 2|awk '{split($0,a,","); print a[length(a)]}')