add parameter to allow the setting of running user for container (#120)

n-marton · web-flow · commit c08ed981d755 · 2022-01-13T15:21:27.000-08:00
* add parameter to allow the setting of running user for container
* use task level user param as source param
diff --git a/containerd/containerd.go b/containerd/containerd.go
@@ -49,6 +49,7 @@ type ContainerConfig struct {
 	MemoryLimit           int64
 	MemoryHardLimit       int64
 	CPUShares             int64
+	User                  string
 }
 
 func (d *Driver) isContainerdRunning() (bool, error) {
@@ -321,6 +322,10 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC
 		opts = append(opts, oci.WithLinuxNamespace(specs.LinuxNamespace{Type: specs.NetworkNamespace, Path: containerConfig.NetworkNamespacePath}))
 	}
 
+	if containerConfig.User != "" {
+		opts = append(opts, oci.WithUser(containerConfig.User))
+	}
+
 	ctxWithTimeout, cancel := context.WithTimeout(d.ctxContainerd, 30*time.Second)
 	defer cancel()
 
diff --git a/containerd/driver.go b/containerd/driver.go
@@ -469,6 +469,8 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 	containerConfig.MemoryHardLimit = cfg.Resources.NomadResources.Memory.MemoryMaxMB * 1024 * 1024
 	containerConfig.CPUShares = cfg.Resources.LinuxResources.CPUShares
 
+	containerConfig.User = cfg.User
+
 	container, err := d.createContainer(&containerConfig, &driverConfig)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Error in creating container: %v", err)
