Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_config.go | 3 | ||||
-rw-r--r-- | libpod/container_internal.go | 3 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 8 | ||||
-rw-r--r-- | libpod/options.go | 14 |
4 files changed, 28 insertions, 0 deletions
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 30b84adcf..6558f3c89 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -412,6 +412,9 @@ type ContainerMiscConfig struct {
  InitContainerType string `json:"init_container_type,omitempty"`
  // PasswdEntry specifies arbitrary data to append to a file.
  PasswdEntry string `json:"passwd_entry,omitempty"`
+ // MountAllDevices is an option to indicate whether a privileged container
+ // will mount all the host's devices
+ MountAllDevices bool `json:"mountAllDevices"`
 }
 
 // InfraInherit contains the compatible options inheritable from the infra container
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index bbf8c831c..fd451f9ef 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1001,6 +1001,9 @@ func (c *Container) completeNetworkSetup() error {
  if err := c.runtime.setupNetNS(c); err != nil {
  return err
  }
+ if err := c.save(); err != nil {
+ return err
+ }
  state := c.state
  // collect any dns servers that cni tells us to use (dnsname)
  for _, status := range c.getNetworkStatus() {
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 3602d06ce..41c0ac595 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -437,6 +437,14 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
  //nolint:staticcheck
  g := generate.NewFromSpec(c.config.Spec)
 
+ // If the flag to mount all devices is set for a privileged container, add
+ // all the devices from the host's machine into the container
+ if c.config.MountAllDevices {
+ if err := util.AddPrivilegedDevices(&g); err != nil {
+ return nil, err
+ }
+ }
+
  // If network namespace was requested, add it now
  if c.config.CreateNetNS {
  if c.config.PostConfigureNetNS {
diff --git a/libpod/options.go b/libpod/options.go
index 4b6803c3f..8b3b07efa 100644
--- a/libpod/options.go
+++ b/libpod/options.go
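Review bot: In the container_config.go hunk, the JSON tag on the new `MountAllDevices` field is camelCase with no `omitempty`, while both neighbouring fields of `ContainerMiscConfig` use snake_case with `omitempty`. The struct carries JSON tags and is presumably persisted, so the tag name becomes a compatibility commitment once released; aligning it now is cheaper, e.g. a tag of `json:"mount_all_devices,omitempty"`. The field comment could also state plainly that a true value gives the container every device of the host, since that is the security-relevant fact a reader of a stored config needs.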
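Review bot: In the container_internal.go hunk, the `c.save()` call added right after `c.runtime.setupNetNS(c)` in `completeNetworkSetup` carries no comment saying why state has to be persisted at this point, and it looks unrelated to the device option the rest of the commit introduces. A short comment such as `// persist the state changed by setupNetNS before it is used below` (exact reason to be confirmed by the author) would record the intent. When `save` fails here the function returns with the network namespace already set up, and the visible lines do not tear it down, so it is worth confirming that the caller cleans up on this error path. The function starts and continues outside the hunk.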
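Review bot: In the container_internal_linux.go hunk, the new branch in `generateSpec` is gated only on `c.config.MountAllDevices`, although its comment says it applies to a privileged container; nothing visible checks that the container is actually privileged before `util.AddPrivilegedDevices(&g)` adds the host's devices to the spec. `WithMountAllDevices` in the options.go hunk sets the flag unconditionally as well, so unless `AddPrivilegedDevices` or a caller enforces it, a container created with the option (or a stored config with the field set) gets the full host device set regardless of its privilege setting. The condition is best enforced where the flag is consumed, for example `if c.config.MountAllDevices && c.config.Privileged {` if the config exposes the privileged setting under that name at this revision, or the combination can be rejected at container creation. generateSpec starts and continues outside the hunk.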
@@ -2174,3 +2174,17 @@ func WithPasswdEntry(passwdEntry string) CtrCreateOption {
  return nil
  }
 }
+
+// WithMountAllDevices sets the option to mount all of a privileged container's
+// host devices
+func WithMountAllDevices() CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return define.ErrCtrFinalized
+ }
+
+ ctr.config.MountAllDevices = true
+
+ return nil
+ }
+} |
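Review bot: The doc comment on `WithMountAllDevices` reads as if the devices belonged to the container ("a privileged container's host devices") and does not say that the option itself performs no privilege check; the body only tests `ctr.valid` before setting the flag. Suggested wording: `// WithMountAllDevices makes the container receive all of the host's devices.` followed by `// It is meant for privileged containers only; the option does not verify that.` Stating this at the API boundary tells callers that gating the option is their responsibility.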