Enable oci.WithNewPrivileges in privileged mode

sha7khan · web-flow · commit ae3c77d578eb · 2021-12-05T08:53:20.000+05:30
diff --git a/containerd/containerd.go b/containerd/containerd.go
@@ -149,7 +149,7 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
 
 	// Enable privileged mode.
 	if config.Privileged {
-		opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices)
+		opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices, oci.WithNewPrivileges)
 	}
 
 	// WithPidsLimit sets the container's pid limit or maximum

Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ func (d Driver) createContainer(containerConfig ContainerConfig, config *TaskC`
`149`	`149`
`150`	`150`	`// Enable privileged mode.`
`151`	`151`	`if config.Privileged {`
`152`		`- opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices)`
	`152`	`+ opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices, oci.WithNewPrivileges)`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`// WithPidsLimit sets the container's pid limit or maximum`