diff --git a/containerd/containerd.go b/containerd/containerd.go index 8ee3878..83d9b8e 100644 --- a/containerd/containerd.go +++ b/containerd/containerd.go @@ -149,7 +149,7 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC // Enable privileged mode. if config.Privileged { - opts = append(opts, oci.WithPrivileged) + opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices, oci.WithNewPrivileges) } // WithPidsLimit sets the container's pid limit or maximum diff --git a/tests/004-test-privileged.sh b/tests/004-test-privileged.sh index d79f13e..3eda055 100755 --- a/tests/004-test-privileged.sh +++ b/tests/004-test-privileged.sh @@ -41,7 +41,7 @@ test_privileged_nomad_job() { # depending on the execution environment. expected_capabilities="37" if [[ "$GITHUB_ACTIONS" == "true" ]]; then - expected_capabilities="39" + expected_capabilities="40" fi actual_capabilities=$(nomad alloc exec -job privileged capsh --print|grep -i bounding|cut -d '=' -f 2|awk '{split($0,a,","); print a[length(a)]}')