luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity

Docker privileged checks if host enabled it

Browse source
This commit is contained in:
Alex Dadgar 2015-11-06 10:38:54 -08:00
parent 149366b89e
commit bb9f2aa66c
2 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
client/driver/docker.go
View file

@ -181,11 +181,20 @@ func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task) (do
d.logger.Printf("[DEBUG] driver.docker: binding directories %#v for %s", hostConfig.Binds, task.Config["image"])
// set privileged mode
hostPrivileged, err := strconv.ParseBool(d.config.ReadDefault("docker.privileged.enabled", "false"))
if err != nil {
return c, fmt.Errorf("Unable to parse docker.privileged.enabled: %s", err)
}
if v, ok := task.Config["privileged"]; ok {
taskPrivileged, err := strconv.ParseBool(v)
if err != nil {
return c, fmt.Errorf("Unable to parse boolean value from task config option 'privileged': %s", err)
return c, fmt.Errorf("Unable to parse boolean value from task config option 'privileged': %v", err)
}
if taskPrivileged && !hostPrivileged {
return c, fmt.Errorf(`Unable to set privileged flag since "docker.privileged.enabled" is false`)
}
hostConfig.Privileged = taskPrivileged
}

6
website/source/docs/drivers/docker.html.md
View file

@ -34,8 +34,8 @@ The `docker` driver supports the following configuration in the job specificatio
* `privileged` - (optional) Privileged mode gives the container full access to
the host. Valid options are `"true"` and `"false"` (defaults to `"false"`).
In order to use privileged mode, a client with the option
`docker.privileged.enabled = "true"` must be available.
Tasks with `privileged` set can only run on Nomad Agents with
`docker.privileged.enabled = "true"`.
* `dns-servers` - (optional) A comma separated list of DNS servers for the container
to use (e.g. "8.8.8.8,8.8.4.4"). *Docker API v1.10 and above only*
@ -143,7 +143,7 @@ The `docker` driver has the following configuration options:
* `docker.privileged.enabled` Defaults to `false`. Changing this to `true` will
allow containers to use "privileged" mode, which gives the containers full access
to the host
to the host.
Note: When testing or using the `-dev` flag you can use `DOCKER_HOST`,