Add support for mounts.

Signed-off-by: Shishir Mahajan <smahajan@roblox.com>

containerd/containerd.go

@@ -25,11 +25,13 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 		return nil, fmt.Errorf("Command is empty. Cannot set --args without --command.")
 	}
 
+	// Command set by the user, to override entrypoint or cmd defined in the image.
 	var args []string
 	if config.Command != "" {
 		args = append(args, config.Command)
 	}
 
+	// Arguments to the command set by the user.
 	if len(config.Args) > 0 {
 		args = append(args, config.Args...)
 	}
@@ -38,22 +40,27 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 
 	opts = append(opts, oci.WithImageConfigArgs(image, args))
 
+	// Enable privileged mode.
 	if config.Privileged {
 		opts = append(opts, oci.WithPrivileged)
 	}
 
+	// Launch container in read-only mode.
 	if config.ReadOnlyRootfs {
 		opts = append(opts, oci.WithRootFSReadonly())
 	}
 
+	// Add capabilities.
 	if len(config.CapAdd) > 0 {
 		opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))
 	}
 
+	// Drop capabilities.
 	if len(config.CapDrop) > 0 {
 		opts = append(opts, oci.WithDroppedCapabilities(config.CapDrop))
 	}
 
+	// Set environment variables.
 	opts = append(opts, oci.WithEnv(env))
 
 	// Add linux devices into the container.

containerd/driver.go

@@ -77,6 +77,15 @@ var (
 		"devices":         hclspec.NewAttr("devices", "list(string)", false),
 		"privileged":      hclspec.NewAttr("privileged", "bool", false),
 		"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
+		"mounts": hclspec.NewBlockList("mounts", hclspec.NewObject(map[string]*hclspec.Spec{
+			"type": hclspec.NewDefault(
+				hclspec.NewAttr("type", "string", false),
+				hclspec.NewLiteral("\"volume\""),
+			),
+			"target":  hclspec.NewAttr("target", "string", false),
+			"source":  hclspec.NewAttr("source", "string", false),
+			"options": hclspec.NewAttr("options", "list(string)", false),
+		})),
 	})
 
 	// capabilities indicates what optional features this driver supports
@@ -96,6 +105,15 @@ type Config struct {
 	StatsInterval     string `codec:"stats_interval"`
 }
 
+// Volume, bind, and tmpfs type mounts are supported.
+// Mount contains configuration information about a mountpoint.
+type Mount struct {
+	Type    string   `codec:"type"`
+	Target  string   `codec:"target"`
+	Source  string   `codec:"source"`
+	Options []string `codec:"options"`
+}
+
 // TaskConfig contains configuration information for a task that runs with
 // this plugin
 type TaskConfig struct {
@@ -107,6 +125,7 @@ type TaskConfig struct {
 	Devices        []string `codec:"devices"`
 	Privileged     bool     `codec:"privileged"`
 	ReadOnlyRootfs bool     `codec:"readonly_rootfs"`
+	Mounts         []Mount  `codec:"mounts"`
 }
 
 // TaskState is the runtime state which is encoded in the handle returned to