kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Explicity set Cgroup NS mode to "host" when running privileged

Browse source 
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
This commit is contained in:
Rob Gulewich 2019-07-29 15:33:18 -07:00
parent 96f6c81ab7
commit 530f2d65c3
1 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
daemon/daemon_unix.go
View file

@ -361,12 +361,16 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
// Set default cgroup namespace mode, if unset for container
if hostConfig.CgroupnsMode.IsEmpty() {
if hostConfig.Privileged {
hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
} else {
m := config.DefaultCgroupNamespaceMode
if daemon.configStore != nil {
m = daemon.configStore.CgroupNamespaceMode
}
hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
}
}
adaptSharedNamespaceContainer(daemon, hostConfig)