Add support for privileged containers.

2020-06-25 17:04:51 -07:00 · 2020-06-25 17:04:51 -07:00 · e37fa44630
commit e37fa44630
parent eec5ca2478
2 changed files with 16 additions and 10 deletions
--- a/containerd/containerd.go
+++ b/containerd/containerd.go
@ -38,6 +38,10 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe

 	opts = append(opts, oci.WithImageConfigArgs(image, args))

+	if config.Privileged {
+		opts = append(opts, oci.WithPrivileged)
+	}
+
 	if len(config.CapAdd) > 0 {
 		opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))
 	}
--- a/containerd/driver.go
+++ b/containerd/driver.go
@ -74,6 +74,7 @@ var (
 		"args":       hclspec.NewAttr("args", "list(string)", false),
 		"cap_add":    hclspec.NewAttr("cap_add", "list(string)", false),
 		"cap_drop":   hclspec.NewAttr("cap_drop", "list(string)", false),
+		"privileged": hclspec.NewAttr("privileged", "bool", false),
 	})

 	// capabilities indicates what optional features this driver supports
@ -101,6 +102,7 @@ type TaskConfig struct {
 	Args       []string `codec:"args"`
 	CapAdd     []string `codec:"cap_add"`
 	CapDrop    []string `codec:"cap_drop"`
+	Privileged bool     `codec:"privileged"`
 }

 // TaskState is the runtime state which is encoded in the handle returned to