Explicity set Cgroup NS mode to "host" when running privileged
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
This commit is contained in:
parent
96f6c81ab7
commit
530f2d65c3
|
@ -361,11 +361,15 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
|
|||
|
||||
// Set default cgroup namespace mode, if unset for container
|
||||
if hostConfig.CgroupnsMode.IsEmpty() {
|
||||
m := config.DefaultCgroupNamespaceMode
|
||||
if daemon.configStore != nil {
|
||||
m = daemon.configStore.CgroupNamespaceMode
|
||||
if hostConfig.Privileged {
|
||||
hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
|
||||
} else {
|
||||
m := config.DefaultCgroupNamespaceMode
|
||||
if daemon.configStore != nil {
|
||||
m = daemon.configStore.CgroupNamespaceMode
|
||||
}
|
||||
hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
|
||||
}
|
||||
hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
|
||||
}
|
||||
|
||||
adaptSharedNamespaceContainer(daemon, hostConfig)
|
||||
|
|
Loading…
Reference in New Issue