Fix: global privileged setting was ignored

fmichielssen · fmichielssen · commit e4a8dda567c6 · 2019-05-03T11:18:32.000+02:00
diff --git a/src/main/java/eu/openanalytics/containerproxy/backend/AbstractContainerBackend.java b/src/main/java/eu/openanalytics/containerproxy/backend/AbstractContainerBackend.java
@@ -61,6 +61,7 @@ public abstract class AbstractContainerBackend implements IContainerBackend {
 	protected static final String PROPERTY_URL = "url";
 	protected static final String PROPERTY_CERT_PATH = "cert-path";
 	protected static final String PROPERTY_CONTAINER_PROTOCOL = "container-protocol";
+	protected static final String PROPERTY_PRIVILEGED = "privileged";
 	
 	protected static final String DEFAULT_TARGET_PROTOCOL = "http";
 	
@@ -71,6 +72,7 @@ public abstract class AbstractContainerBackend implements IContainerBackend {
 	protected final Logger log = LogManager.getLogger(getClass());
 	
 	private boolean useInternalNetwork;
+	private boolean privileged;
 	
 	@Inject
 	protected IProxyTargetMappingStrategy mappingStrategy;
@@ -96,6 +98,7 @@ public abstract class AbstractContainerBackend implements IContainerBackend {
 	public void initialize() throws ContainerProxyException {
 		// If this application runs as a container itself, things like port publishing can be omitted.
 		useInternalNetwork = Boolean.valueOf(getProperty(PROPERTY_INTERNAL_NETWORKING, "false"));
+		privileged = Boolean.valueOf(getProperty(PROPERTY_PRIVILEGED, "false"));
 	}
 	
 	@Override
@@ -212,4 +215,8 @@ protected List<String> buildEnv(ContainerSpec containerSpec, Proxy proxy) throws
 	protected boolean isUseInternalNetwork() {
 		return useInternalNetwork;
 	}
+	
+	protected boolean isPrivileged() {
+		return privileged;
+	}
 }
diff --git a/src/main/java/eu/openanalytics/containerproxy/backend/docker/DockerEngineBackend.java b/src/main/java/eu/openanalytics/containerproxy/backend/docker/DockerEngineBackend.java
@@ -71,7 +71,7 @@ protected Container startContainer(ContainerSpec spec, Proxy proxy) throws Excep
 		Optional.ofNullable(spec.getNetwork()).ifPresent(n -> hostConfigBuilder.networkMode(spec.getNetwork()));
 		Optional.ofNullable(spec.getDns()).ifPresent(dns -> hostConfigBuilder.dns(dns));
 		Optional.ofNullable(spec.getVolumes()).ifPresent(v -> hostConfigBuilder.binds(v));
-		hostConfigBuilder.privileged(spec.isPrivileged());
+		hostConfigBuilder.privileged(isPrivileged() || spec.isPrivileged());
 		
 		ContainerConfig containerConfig = ContainerConfig.builder()
 			    .hostConfig(hostConfigBuilder.build())
diff --git a/src/main/java/eu/openanalytics/containerproxy/backend/kubernetes/KubernetesBackend.java b/src/main/java/eu/openanalytics/containerproxy/backend/kubernetes/KubernetesBackend.java
@@ -165,7 +165,7 @@ protected Container startContainer(ContainerSpec spec, Proxy proxy) throws Excep
 		}
 		
 		SecurityContext security = new SecurityContextBuilder()
-				.withPrivileged(spec.isPrivileged())
+				.withPrivileged(isPrivileged() || spec.isPrivileged())
 				.build();
 		
 		ResourceRequirementsBuilder resourceRequirementsBuilder = new ResourceRequirementsBuilder();

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ protected Container startContainer(ContainerSpec spec, Proxy proxy) throws Excep`
`165`	`165`	`}`
`166`	`166`
`167`	`167`	`SecurityContext security = new SecurityContextBuilder()`
`168`		`- .withPrivileged(spec.isPrivileged())`
	`168`	`+ .withPrivileged(isPrivileged() \|\| spec.isPrivileged())`
`169`	`169`	`.build();`
`170`	`170`
`171`	`171`	`ResourceRequirementsBuilder resourceRequirementsBuilder = new ResourceRequirementsBuilder();`