From c08ed981d75585313534d1b55329be97667a8d2d Mon Sep 17 00:00:00 2001 From: n-marton Date: Fri, 14 Jan 2022 00:21:27 +0100 Subject: [PATCH] add parameter to allow the setting of running user for container (#120) * add parameter to allow the setting of running user for container * use task level user param as source param --- containerd/containerd.go | 5 +++++ containerd/driver.go | 2 ++ 2 files changed, 7 insertions(+) diff --git a/containerd/containerd.go b/containerd/containerd.go index 83d9b8e..4665d1e 100644 --- a/containerd/containerd.go +++ b/containerd/containerd.go @@ -49,6 +49,7 @@ type ContainerConfig struct { MemoryLimit int64 MemoryHardLimit int64 CPUShares int64 + User string } func (d *Driver) isContainerdRunning() (bool, error) { @@ -321,6 +322,10 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC opts = append(opts, oci.WithLinuxNamespace(specs.LinuxNamespace{Type: specs.NetworkNamespace, Path: containerConfig.NetworkNamespacePath})) } + if containerConfig.User != "" { + opts = append(opts, oci.WithUser(containerConfig.User)) + } + ctxWithTimeout, cancel := context.WithTimeout(d.ctxContainerd, 30*time.Second) defer cancel() diff --git a/containerd/driver.go b/containerd/driver.go index a82e12d..882350c 100644 --- a/containerd/driver.go +++ b/containerd/driver.go @@ -469,6 +469,8 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive containerConfig.MemoryHardLimit = cfg.Resources.NomadResources.Memory.MemoryMaxMB * 1024 * 1024 containerConfig.CPUShares = cfg.Resources.LinuxResources.CPUShares + containerConfig.User = cfg.User + container, err := d.createContainer(&containerConfig, &driverConfig) if err != nil { return nil, nil, fmt.Errorf("Error in creating container: %v", err)