From 530f2d65c3f01d361167c6ca92cba3db142eea40 Mon Sep 17 00:00:00 2001
From: Rob Gulewich
Date: Mon, 29 Jul 2019 15:33:18 -0700
Subject: [PATCH] Explicity set Cgroup NS mode to "host" when running privileged
Signed-off-by: Rob Gulewich
---
 daemon/daemon_unix.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index d100a83f23..fcfc902f82 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -361,11 +361,15 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 // Set default cgroup namespace mode, if unset for container
 if hostConfig.CgroupnsMode.IsEmpty() {
- m := config.DefaultCgroupNamespaceMode
- if daemon.configStore != nil {
- m = daemon.configStore.CgroupNamespaceMode
+ if hostConfig.Privileged {
+ hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
+ } else {
+ m := config.DefaultCgroupNamespaceMode
+ if daemon.configStore != nil {
+ m = daemon.configStore.CgroupNamespaceMode
+ }
+ hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
 }
- hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
 }
 adaptSharedNamespaceContainer(daemon, hostConfig)
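Review bot: The new `hostConfig.Privileged` branch bypasses the daemon-wide `CgroupNamespaceMode` setting without saying so. An operator who set a daemon default other than host will still get privileged containers in the host cgroup namespace, while the comment above the outer `if` only says "Set default cgroup namespace mode". I would add a comment on the branch, for example `// Privileged containers default to the host cgroup namespace regardless of the daemon default; an explicit CgroupnsMode on the container still wins.` The mode is also written as the bare string `"host"`; if the package offers a named constant for it, using that here would keep a typo from producing an unrecognised mode. adaptContainerSettings starts and ends outside this hunk, so whether the resulting mode is validated afterwards is not visible here.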