
Merge pull request #39578 from rgulewich/cgroupns-test-req

Fix running in privileged mode against a daemon with --default-cgroupns-mode=host
Akihiro Suda 6 years ago
parent
commit
cd1356d9ea
2 changed files with 9 additions and 5 deletions
  1. 8 4
      daemon/daemon_unix.go
  2. 1 1
      integration/container/run_cgroupns_linux_test.go

+ 8 - 4
daemon/daemon_unix.go

@@ -361,11 +361,15 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
 
 	// Set default cgroup namespace mode, if unset for container
 	if hostConfig.CgroupnsMode.IsEmpty() {
-		m := config.DefaultCgroupNamespaceMode
-		if daemon.configStore != nil {
-			m = daemon.configStore.CgroupNamespaceMode
+		if hostConfig.Privileged {
+			hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
+		} else {
+			m := config.DefaultCgroupNamespaceMode
+			if daemon.configStore != nil {
+				m = daemon.configStore.CgroupNamespaceMode
+			}
+			hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
 		}
-		hostConfig.CgroupnsMode = containertypes.CgroupnsMode(m)
 	}
 
 	adaptSharedNamespaceContainer(daemon, hostConfig)
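Review bot: The new `if hostConfig.Privileged` branch overrides the daemon's configured `CgroupNamespaceMode` without a comment saying so, which matters to an operator who set the daemon default to private as a hardening measure and will still get privileged containers in the host cgroup namespace. I would add above the branch `// Privileged containers default to the host cgroup namespace regardless of the daemon default; an explicitly set CgroupnsMode is still honoured.` The second half of that comment holds because the whole block is guarded by `hostConfig.CgroupnsMode.IsEmpty()`. The bare `"host"` literal would also read better as a named constant, if the package offers one (none is visible here). adaptContainerSettings starts and ends outside the hunk, so any later validation of the chosen mode cannot be checked from this view.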

+ 1 - 1
integration/container/run_cgroupns_linux_test.go

@@ -68,7 +68,7 @@ func TestCgroupNamespacesRun(t *testing.T) {
 func TestCgroupNamespacesRunPrivileged(t *testing.T) {
 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
 	skip.If(t, testEnv.IsRemoteDaemon())
-	skip.If(t, requirement.CgroupNamespacesEnabled())
+	skip.If(t, !requirement.CgroupNamespacesEnabled())
 
 	// When the daemon defaults to private cgroup namespaces, privileged containers
 	// launched should not be inside their own cgroup namespaces