Merge pull request #33 from Roblox/host_network

Add support for host network.

Author: shishir-a412ed

README.md

@@ -86,6 +86,7 @@ More detailed instructions are in the [`example README.md`](https://github.com/R
 | **args** | []string | no | Arguments to the command. |
 | **privileged** | bool | no | Run container in privileged mode. Your container will have all linux capabilities when running in privileged mode. |
 | **readonly_rootfs** | bool | no | Container root filesystem will be read-only. |
+| **host_network** | bool | no | Enable host network. This is equivalent to `--net=host` in docker. |
 | **cap_add** | []string | no | Add individual capabilities. |
 | **cap_drop** | []string | no | Drop invidual capabilities. |
 | **devices** | []string | no | A list of devices to be exposed to the container. |

containerd/containerd.go

@@ -70,6 +70,13 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 		opts = append(opts, oci.WithRootFSReadonly())
 	}
 
+	// Enable host network.
+	// WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly.
+	// WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly.
+	if config.HostNetwork {
+		opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
+	}
+
 	// Add capabilities.
 	if len(config.CapAdd) > 0 {
 		opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))

containerd/driver.go

@@ -94,6 +94,7 @@ var (
 		"devices":         hclspec.NewAttr("devices", "list(string)", false),
 		"privileged":      hclspec.NewAttr("privileged", "bool", false),
 		"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
+		"host_network":    hclspec.NewAttr("host_network", "bool", false),
 		"mounts": hclspec.NewBlockList("mounts", hclspec.NewObject(map[string]*hclspec.Spec{
 			"type": hclspec.NewDefault(
 				hclspec.NewAttr("type", "string", false),
@@ -142,6 +143,7 @@ type TaskConfig struct {
 	Devices        []string `codec:"devices"`
 	Privileged     bool     `codec:"privileged"`
 	ReadOnlyRootfs bool     `codec:"readonly_rootfs"`
+	HostNetwork    bool     `codec:"host_network"`
 	Mounts         []Mount  `codec:"mounts"`
 }