Add support for privileged containers.

This commit is contained in:
Shishir Mahajan 2020-06-25 17:04:51 -07:00
parent eec5ca2478
commit e37fa44630
No known key found for this signature in database
GPG Key ID: D41782E7688DEC4A
2 changed files with 16 additions and 10 deletions

View File

@ -38,6 +38,10 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
opts = append(opts, oci.WithImageConfigArgs(image, args))
if config.Privileged {
opts = append(opts, oci.WithPrivileged)
}
if len(config.CapAdd) > 0 {
opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))
}

View File

@ -74,6 +74,7 @@ var (
"args": hclspec.NewAttr("args", "list(string)", false),
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
"privileged": hclspec.NewAttr("privileged", "bool", false),
})
// capabilities indicates what optional features this driver supports
@ -101,6 +102,7 @@ type TaskConfig struct {
Args []string `codec:"args"`
CapAdd []string `codec:"cap_add"`
CapDrop []string `codec:"cap_drop"`
Privileged bool `codec:"privileged"`
}
// TaskState is the runtime state which is encoded in the handle returned to