Container Runner in Privileged Mode
In some cases you may wish to run your Docker containers in a privileged environment, for example to use GDB inside a job, which on Docker is typically enabled with --cap-add=SYS_PTRACE.
CircleCI Cloud's Docker executor does not offer this configuration at this time.
However, you can do this if you are using the self-hosted container runner.
Please cast your vote for this feature request if you would like to see it in the cloud environment.
Values Setup
The following values for the container runner Helm chart run the job container as a privileged pod and bind-mount the node's Docker socket into it (indentation restored; resources: is left empty here and can carry your usual limits and requests):

agent:
  resourceClasses:
    namespace/container-runner:
      token: ${TOKEN}
      spec:
        containers:
          - resources:
            volumeMounts:
              - name: docker-socket
                mountPath: /var/run/docker.sock
            securityContext:
              privileged: true
        volumes:
          - name: docker-socket
            hostPath:
              path: /var/run/docker.sock
              type: Socket

Note that privileged: true together with the host Docker socket gives every job that uses this resource class root-equivalent access to the node: a job can start arbitrary containers through the socket, and a privileged container can reach host devices directly. Treat the resource class as a trust boundary, limit which projects may use it, and consider scheduling it on dedicated nodes. The cluster must also allow privileged pods in that namespace (Pod Security Admission or an equivalent policy), or the pod will be rejected.
Verifying Privileged Mode
You can run the following step within your job to verify the container is in privileged mode. The check creates a dummy network interface, which only succeeds with CAP_NET_ADMIN (a capability a privileged container always has, but one that --cap-add=NET_ADMIN would also grant), so it is a proxy rather than a direct test. It requires the ip tool (iproute2) in the job image, and the interface is removed again so the check can be re-run:

- run:
    name: Privilege check
    command: |
      if ip link add dummy2 type dummy >/dev/null 2>&1; then
        ip link del dummy2 >/dev/null 2>&1
        echo "Running in privileged container"
      else
        echo "Not in privileged container"
      fi
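A more direct in-job check, added here as an example and not taken from the original article, is to decode the effective capability set of the process from /proc/self/status: a privileged container holds every capability the kernel defines, so its CapEff mask has bits 0 through /proc/sys/kernel/cap_last_cap all set, while a default Docker container holds only a small fixed subset. The script assumes a Linux /proc and a POSIX sh whose arithmetic is 64-bit (dash and bash both qualify); the capability numbers are the ones from linux/capability.h, and the mask values in the comments are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original article: verify privilege by
# decoding the effective capability set (CapEff) from /proc/self/status
# instead of relying on a side effect such as creating a network interface.
# A privileged container holds every capability the kernel knows about,
# so its CapEff equals a mask with bits 0..cap_last_cap all set.
# Capability bit numbers below are from linux/capability.h.

CAP_NET_ADMIN=12
CAP_SYS_PTRACE=19
CAP_SYS_ADMIN=21

# read_capeff: print the hex CapEff mask of the current process
read_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# has_cap HEXMASK BIT: succeed if capability number BIT is set in HEXMASK.
# Shell arithmetic is 64-bit, which covers every capability defined so far.
# Example: the default Docker mask 00000000a80425fb has NET_RAW (13) but
# not SYS_PTRACE (19) or SYS_ADMIN (21).
has_cap() {
    [ "$(( (0x$1 >> $2) & 1 ))" -eq 1 ]
}

# is_full_capset HEXMASK LASTCAP: succeed if HEXMASK has every bit
# 0..LASTCAP set, i.e. the set a privileged container receives.
# LASTCAP is normally read from /proc/sys/kernel/cap_last_cap
# (40 on a kernel with 41 capabilities, giving mask 000001ffffffffff).
is_full_capset() {
    [ "$(( 0x$1 ))" -eq "$(( (1 << ($2 + 1)) - 1 ))" ]
}

# report: print a verdict for the current process; returns 0 when privileged
report() {
    caps=$(read_capeff)
    last=$(cat /proc/sys/kernel/cap_last_cap)
    echo "CapEff: $caps (cap_last_cap=$last)"
    for name in NET_ADMIN SYS_PTRACE SYS_ADMIN; do
        eval "bit=\$CAP_$name"
        if has_cap "$caps" "$bit"; then
            echo "  CAP_$name: present"
        else
            echo "  CAP_$name: missing"
        fi
    done
    if is_full_capset "$caps" "$last"; then
        echo "Running in privileged container"
        return 0
    fi
    echo "Not in privileged container"
    return 1
}

# Only run the report where /proc exposes the data (Linux hosts).
if [ -r /proc/self/status ] && [ -r /proc/sys/kernel/cap_last_cap ]; then
    report || true
fi
```

Drop this into a run step as-is; the per-capability lines tell you whether the specific capability a tool needs (SYS_PTRACE for GDB, for instance) is actually present, which the dummy-interface check cannot. Note that CapEff describes the job's process, so if your job starts further containers through the mounted Docker socket they get Docker's own defaults unless you pass --privileged or --cap-add to that docker run.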
You can also verify the pod spec from outside the job with the following Kubernetes command, which prints true for each container that was admitted as privileged (replace <namespace> with the namespace the container runner is installed in):
kubectl get pod ${POD_NAME} -n <namespace> -o json | jq -r '.spec.containers[].securityContext.privileged'