Container Runner in Privileged Mode

In some cases, you may wish to run your docker containers in a privileged environment.

CircleCI Cloud's Docker executor does not offer this configuration at this time.
However, you can do this if you are using the self-hosted container runner.

Please cast your vote to this feature request to see this in the cloud environment.

Values Setup

agent:
  resourceClasses:
    namespace/container-runner:
     token: ${TOKEN}
     spec:
       containers:
        - resources:
          volumeMounts:
             - name: docker-socket
               mountPath: /var/run/docker.sock
          securityContext:
           privileged: true
       volumes:
         - name: docker-socket
           hostPath:
             path: /var/run/docker.sock
             type: Socket

Verifying Privileged Mode

You can run the following step within your job to verify the container is in privileged mode.

      - run:
          name: Privilege check
          command: |
            (ip link add dummy2 type dummy 2>&1 >/dev/null && echo "Running in privileged container" )|| (echo "Not in privileged container" )

You can also run the following Kubernetes command to verify.

kubectl get pod ${POD_NAME} -n <namespace> -o json | jq -r '.spec.containers[].securityContext.privileged'

Additional Resources

• Configure a Security Context for a Pod or Container