kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Explicity set Cgroup NS mode to "host" when running privileged 

Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
This commit is contained in:
Rob Gulewich 2019-07-29 15:33:18 -07:00
parent 96f6c81ab7
commit 530f2d65c3
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
daemon/daemon_unix.go
View File

@ -361,11 +361,15 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
// Set default cgroup namespace mode, if unset for container // Set default cgroup namespace mode, if unset for container
if hostConfig.CgroupnsMode.IsEmpty() { if hostConfig.CgroupnsMode.IsEmpty() {
m := config.DefaultCgroupNamespaceMode if hostConfig.Privileged {
if daemon.configStore != nil { hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
m = daemon.configStore.CgroupNamespaceMode } else {
m := config.DefaultCgroupNamespaceMode
if daemon.configStore != nil {
m = daemon.configStore.CgroupNamespaceMode
}
hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
} }
hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
} }
adaptSharedNamespaceContainer(daemon, hostConfig) adaptSharedNamespaceContainer(daemon, hostConfig)