Enable all devices in privileged mode

sha7khan · web-flow · commit 32a46614eb07 · 2021-11-23T10:43:40.000+05:30
The Privileged mode in containerd driver is not adding devices from host device. This change will make the driver's privileged mode equivalent to ctr tool's privileged mode - https://github.com/containerd/containerd/blob/main/cmd/ctr/commands/run/run_unix.go#L205-L207
diff --git a/containerd/containerd.go b/containerd/containerd.go
@@ -149,7 +149,7 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
 
 	// Enable privileged mode.
 	if config.Privileged {
-		opts = append(opts, oci.WithPrivileged)
+		opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices)
 	}
 
 	// WithPidsLimit sets the container's pid limit or maximum

Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ func (d Driver) createContainer(containerConfig ContainerConfig, config *TaskC`
`149`	`149`
`150`	`150`	`// Enable privileged mode.`
`151`	`151`	`if config.Privileged {`
`152`		`- opts = append(opts, oci.WithPrivileged)`
	`152`	`+ opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices)`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`// WithPidsLimit sets the container's pid limit or maximum`