From d101e9c5b36104a6f9e948c4baef7bcff0be6341 Mon Sep 17 00:00:00 2001
From: Shishir Mahajan
Date: Thu, 12 Nov 2020 11:34:56 -0800
Subject: [PATCH 1/3] Add option to select current working directory (cwd).
---
 containerd/containerd.go | 5 +++++
 containerd/driver.go | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/containerd/containerd.go b/containerd/containerd.go
index d8be647..0735e90 100644
--- a/containerd/containerd.go
+++ b/containerd/containerd.go
@@ -115,6 +115,11 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
 opts = append(opts, oci.WithDroppedCapabilities(config.CapDrop))
 }
+ // Set current working directory (cwd).
+ if config.Cwd != "" {
+ opts = append(opts, oci.WithProcessCwd(config.Cwd))
+ }
+
 // Set environment variables.
 opts = append(opts, oci.WithEnv(containerConfig.Env))
diff --git a/containerd/driver.go b/containerd/driver.go
index 4aaa086..35d7826 100644
--- a/containerd/driver.go
+++ b/containerd/driver.go
@@ -90,6 +90,7 @@ var (
 "args": hclspec.NewAttr("args", "list(string)", false),
 "cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
 "cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
+ "cwd": hclspec.NewAttr("cwd", "string", false),
 "devices": hclspec.NewAttr("devices", "list(string)", false),
 "privileged": hclspec.NewAttr("privileged", "bool", false),
 "host_dns": hclspec.NewDefault(
@@ -146,6 +147,7 @@ type TaskConfig struct {
 Args []string `codec:"args"`
 CapAdd []string `codec:"cap_add"`
 CapDrop []string `codec:"cap_drop"`
+ Cwd string `codec:"cwd"`
 Devices []string `codec:"devices"`
 Seccomp bool `codec:"seccomp"`
 SeccompProfile string `codec:"seccomp_profile"`
From 36d5b31abf4fb6162cfd37cf5ac636eb42cf8c2c Mon Sep 17 00:00:00 2001
From: Shishir Mahajan
Date: Thu, 12 Nov 2020 11:49:31 -0800
Subject: [PATCH 2/3] Add test.
---
 example/redis.nomad | 1 +
 tests/001-test-redis.sh | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
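Review bot: In the createContainer hunk of containerd/containerd.go, `config.Cwd` is passed to `oci.WithProcessCwd` with no check other than non-empty, so a relative value from the job file is accepted when the config is parsed and can only fail later, when the runtime starts the task. The OCI runtime spec requires the process cwd to be an absolute path, so I would reject anything else before appending the option, e.g. `if !filepath.IsAbs(config.Cwd) { /* return an error naming the cwd value */ }`, using whatever error return createContainer already has; its signature, its imports and the rest of its body are outside the hunk. Patch 3/3 documents that a missing directory is created, so a short comment here on which component creates it and with what ownership would help operators whose task runs as a non-root user; that cannot be confirmed from these lines.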
diff --git a/example/redis.nomad b/example/redis.nomad
index 0a37653..6d9a855 100644
--- a/example/redis.nomad
+++ b/example/redis.nomad
@@ -8,6 +8,7 @@ job "redis" {
 config {
 image = "docker.io/library/redis:alpine"
 seccomp = true
+ cwd = "/home/redis"
 }
 resources {
diff --git a/tests/001-test-redis.sh b/tests/001-test-redis.sh
index f16557f..baf322e 100755
--- a/tests/001-test-redis.sh
+++ b/tests/001-test-redis.sh
@@ -25,10 +25,10 @@ test_redis_nomad_job() {
 exit 1
 fi
- echo "INFO: Exec redis job."
- exec_output=$(nomad alloc exec -job redis echo hello_exec)
- if [ $exec_output != "hello_exec" ]; then
- echo "ERROR: Error in exec'ing redis job."
+ echo "INFO: Exec redis job and check current working directory (cwd)."
+ exec_output=$(nomad alloc exec -job redis pwd)
+ if [ $exec_output != "/home/redis" ]; then
+ echo "ERROR: Error in exec'ing redis job and checking current working directory (cwd)."
 exit 1
 fi
From 6c3001a542047c073bce67bbed033e8f15f6b7bd Mon Sep 17 00:00:00 2001
From: Shishir Mahajan
Date: Thu, 12 Nov 2020 12:10:22 -0800
Subject: [PATCH 3/3] Update docs.
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 83c9253..bcf2e6d 100644
--- a/README.md
+++ b/README.md
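Review bot: In tests/001-test-redis.sh the new comparison `if [ $exec_output != "/home/redis" ]; then` leaves `$exec_output` unquoted, so the cwd check fails open: when `nomad alloc exec` prints nothing, or prints more than one word, `[` exits with a usage error, the `if` treats that as false, and the error branch with `exit 1` is skipped. Quote the expansion so an empty or unexpected value is compared as a string: `if [ "$exec_output" != "/home/redis" ]; then`. Printing the value in the error message, e.g. `echo "ERROR: expected cwd /home/redis, got '$exec_output'."`, would also make a failure diagnosable from the CI log. The removed line had the same unquoted pattern, and test_redis_nomad_job starts and ends outside the hunk.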
@@ -87,6 +87,7 @@ More detailed instructions are in the [`example README.md`](https://github.com/R
 | **image** | string | yes | OCI image (docker is also OCI compatible) for your container. |
 | **command** | string | no | Command to override command defined in the image. |
 | **args** | []string | no | Arguments to the command. |
+| **cwd** | string | no | Specify the current working directory for your container process. If the directory does not exist, one will be created for you. |
 | **privileged** | bool | no | Run container in privileged mode. Your container will have all linux capabilities when running in privileged mode. |
 | **host_dns** | bool | no | Default (`true`). By default, a container launched using `containerd-driver` will use host `/etc/resolv.conf`. This is similar to [`docker behavior`](https://docs.docker.com/config/containers/container-networking/#dns-services). However, if you don't want to use host DNS, you can turn off this flag by setting `host_dns=false`. |
 | **seccomp** | bool | no | Enable default seccomp profile. List of [`allowed syscalls`](https://github.com/containerd/containerd/blob/master/contrib/seccomp/seccomp_default.go#L51-L390). |