Merge pull request #7328 from liubin/add-privileged-without-host-devices

ctr: add privileged-without-host-devices for run command
Derek McGowan 2022-09-09 20:58:16 -07:00 committed by GitHub
commit 5bedf3fca3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -70,6 +70,10 @@ var platformRunFlags = []cli.Flag{
Name: "remap-labels", Name: "remap-labels",
Usage: "provide the user namespace ID remapping to the snapshotter via label options; requires snapshotter support", Usage: "provide the user namespace ID remapping to the snapshotter via label options; requires snapshotter support",
}, },
cli.BoolFlag{
Name: "privileged-without-host-devices",
Usage: "don't pass all host devices to privileged container",
},
cli.Float64Flag{ cli.Float64Flag{
Name: "cpus", Name: "cpus",
Usage: "set the CFS cpu quota", Usage: "set the CFS cpu quota",
@ -202,9 +206,20 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
if context.Bool("tty") { if context.Bool("tty") {
opts = append(opts, oci.WithTTY) opts = append(opts, oci.WithTTY)
} }
if context.Bool("privileged") {
privileged := context.Bool("privileged")
privilegedWithoutHostDevices := context.Bool("privileged-without-host-devices")
if privilegedWithoutHostDevices && !privileged {
return nil, fmt.Errorf("can't use 'privileged-without-host-devices' without 'privileged' specified")
}
if privileged {
if privilegedWithoutHostDevices {
opts = append(opts, oci.WithPrivileged)
} else {
opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices) opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices)
} }
}
if context.Bool("net-host") { if context.Bool("net-host") {
hostname, err := os.Hostname() hostname, err := os.Hostname()
if err != nil { if err != nil {
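Review bot: The usage text on the new `privileged-without-host-devices` flag does not say that the container is still started with `oci.WithPrivileged`, so an operator could read it as a hardening switch. In the NewContainer hunk the flag only leaves out `oci.WithAllDevicesAllowed` and `oci.WithHostDevices`; everything else that `--privileged` grants stays in place. I would spell that out, for example `Usage: "don't pass host devices to a privileged container; all other --privileged settings still apply",`. As a style point, both branches append `oci.WithPrivileged`; appending it once and adding the two device options under `if !privilegedWithoutHostDevices {` keeps the privileged path in one place and makes it harder for a later edit to diverge. NewContainer begins and ends outside the hunk, so any other device handling in it is not visible here.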