Fix privileged container sysfs can't be rw because pod is ro by default

Signed-off-by: fengwei0328 <feng.wei8@zte.com.cn>
2025-01-17 14:29:53 +08:00
parent 67bb32a8b2
commit c7f64196fc
3 changed files with 120 additions and 0 deletions
--- a/integration/main_test.go
+++ b/integration/main_test.go
@@ -218,6 +218,19 @@ func WithPodLabels(kvs map[string]string) PodSandboxOpts {
 	}
 }

+// WithSecurityContext set container privileged.
+func WithPodSecurityContext(privileged bool) PodSandboxOpts {
+	return func(p *runtime.PodSandboxConfig) {
+		if p.Linux == nil {
+			p.Linux = &runtime.LinuxPodSandboxConfig{}
+		}
+		if p.Linux.SecurityContext == nil {
+			p.Linux.SecurityContext = &runtime.LinuxSandboxSecurityContext{}
+		}
+		p.Linux.SecurityContext.Privileged = privileged
+	}
+}
+
 // PodSandboxConfig generates a pod sandbox config for test.
 func PodSandboxConfig(name, ns string, opts ...PodSandboxOpts) *runtime.PodSandboxConfig {
 	var cgroupParent string
@@ -462,6 +475,19 @@ func WithSupplementalGroups(gids []int64) ContainerOpts {
 	}
 }

+// WithSecurityContext set container privileged.
+func WithSecurityContext(privileged bool) ContainerOpts {
+	return func(c *runtime.ContainerConfig) {
+		if c.Linux == nil {
+			c.Linux = &runtime.LinuxContainerConfig{}
+		}
+		if c.Linux.SecurityContext == nil {
+			c.Linux.SecurityContext = &runtime.LinuxContainerSecurityContext{}
+		}
+		c.Linux.SecurityContext.Privileged = privileged
+	}
+}
+
 // WithDevice adds a device mount.
 func WithDevice(containerPath, hostPath, permissions string) ContainerOpts {
 	return func(c *runtime.ContainerConfig) {