Add flag to overload default privileged host device behaviour

This commit adds a flag to the runtime config that allows overloading of the default
privileged behaviour. When the flag is enabled on a runtime, host devices won't
be appended to the runtime spec if the container is run as privileged.

By default the flag is false to maintain the current behaviour of privileged.

Fixes #1213

Signed-off-by: Alex Price <aprice@atlassian.com>
This commit is contained in:
Alex Price
2019-08-07 16:22:26 +10:00
parent 95bd02d28f
commit 3353ab76d9
4 changed files with 135 additions and 52 deletions
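The rule the commit message describes (host devices are appended to a privileged container's spec unless the runtime sets the flag) as an added, stand-alone Go example. This is not the project's own code: the RuntimeConfig and Device types are cut-down stand-ins that keep only the field this commit adds and a path/type pair, the config is read from JSON rather than TOML so the example stays standard-library only (the real field also carries a toml tag), and the hostDevices list is constructed rather than enumerated from /dev.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// RuntimeConfig is an assumption: only the field added by this commit is
// modelled. The json tag matches the one in the diff.
type RuntimeConfig struct {
	PrivilegedWithoutHostDevices bool `json:"privileged_without_host_devices"`
}

// Device is a minimal stand-in for an OCI runtime-spec device entry (assumption).
type Device struct {
	Path string `json:"path"`
	Type string `json:"type"`
}

// hostDevices is constructed sample data standing in for whatever the CRI
// plugin would otherwise collect from the host; nothing is read from /dev here.
var hostDevices = []Device{
	{Path: "/dev/sda", Type: "b"},
	{Path: "/dev/kvm", Type: "c"},
	{Path: "/dev/mem", Type: "c"},
}

// loadRuntimeConfig parses a runtime config; an absent key leaves the flag at
// its zero value, false, which is the default the commit message describes.
func loadRuntimeConfig(raw []byte) (RuntimeConfig, error) {
	var cfg RuntimeConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return RuntimeConfig{}, fmt.Errorf("parse runtime config: %w", err)
	}
	return cfg, nil
}

// specDevices returns the device list that ends up in the runtime spec: the
// devices the container explicitly requested, plus every host device only when
// the container is privileged AND the runtime keeps the default behaviour.
func specDevices(rt RuntimeConfig, privileged bool, requested []Device) []Device {
	devices := append([]Device(nil), requested...)
	if privileged && !rt.PrivilegedWithoutHostDevices {
		devices = append(devices, hostDevices...)
	}
	return devices
}

func main() {
	// Constructed configs: one with the key absent (default), one with it enabled.
	defaultCfg, err := loadRuntimeConfig([]byte(`{}`))
	if err != nil {
		panic(err)
	}
	restrictedCfg, err := loadRuntimeConfig([]byte(`{"privileged_without_host_devices": true}`))
	if err != nil {
		panic(err)
	}
	requested := []Device{{Path: "/dev/fuse", Type: "c"}}

	cases := []struct {
		name       string
		cfg        RuntimeConfig
		privileged bool
	}{
		{"default, unprivileged", defaultCfg, false},
		{"default, privileged", defaultCfg, true},
		{"flag set, unprivileged", restrictedCfg, false},
		{"flag set, privileged", restrictedCfg, true},
	}
	for _, c := range cases {
		devs := specDevices(c.cfg, c.privileged, requested)
		fmt.Printf("%-24s -> %d device(s): %v\n", c.name, len(devs), devs)
	}
}
```

Only the "default, privileged" row picks up the host device list; setting the flag on a runtime leaves a privileged container with just the devices it asked for, and unprivileged containers are unaffected either way.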


@@ -41,6 +41,9 @@ type Runtime struct {
// Options are config options for the runtime. If options is loaded
// from toml config, it will be toml.Primitive.
Options *toml.Primitive `toml:"options" json:"options"`
// PrivilegedWithoutHostDevices overloads the default behaviour for adding host devices to the
// runtime spec when the container is privileged. Defaults to false.
PrivilegedWithoutHostDevices bool `toml:"privileged_without_host_devices" json:"privileged_without_host_devices"`
}
// ContainerdConfig contains toml config related to containerd
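Review bot: the doc comment on PrivilegedWithoutHostDevices does not say which way the flag changes behaviour; "overloads the default behaviour for adding host devices" leaves a reader of the config struct unable to tell whether true adds or removes them, and the actual effect is only stated in the commit message. Spell it out and use "overrides" rather than "overloads", for example: `// PrivilegedWithoutHostDevices, when true, stops host devices from being added to the runtime spec of privileged containers. Defaults to false, which keeps the existing privileged behaviour.`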