From 903191072e06606b4ec967666dbfa2b948846f4c Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Wed, 4 Apr 2018 12:30:20 +0100
Subject: [PATCH] Add --privileged option to ctr run

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
---
 cmd/ctr/commands/run/run.go      | 4 ++++
 cmd/ctr/commands/run/run_unix.go | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/cmd/ctr/commands/run/run.go b/cmd/ctr/commands/run/run.go
index ad3a8f7aa..28944aaed 100644
--- a/cmd/ctr/commands/run/run.go
+++ b/cmd/ctr/commands/run/run.go
@@ -68,6 +68,10 @@ var ContainerFlags = []cli.Flag{
 		Name:  "net-host",
 		Usage: "enable host networking for the container",
 	},
+	cli.BoolFlag{
+		Name:  "privileged",
+		Usage: "run privileged container",
+	},
 	cli.BoolFlag{
 		Name:  "read-only",
 		Usage: "set the containers filesystem as readonly",
diff --git a/cmd/ctr/commands/run/run_unix.go b/cmd/ctr/commands/run/run_unix.go
index b6826b7cb..0a3a5db68 100644
--- a/cmd/ctr/commands/run/run_unix.go
+++ b/cmd/ctr/commands/run/run_unix.go
@@ -103,6 +103,9 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 	if context.Bool("tty") {
 		opts = append(opts, oci.WithTTY)
 	}
+	if context.Bool("privileged") {
+		opts = append(opts, oci.WithPrivileged)
+	}
 	if context.Bool("net-host") {
 		opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
 	}