Add privileged_without_host_devices support (#7343)

When privileged is enabled for a container, all the `/dev/*` block devices from the host are mounted into the guest. The `privileged_without_host_devices` flag prevents host devices from being passed to privileged containers. More information: * https://github.com/containerd/cri/pull/1225 * 1d0f68156b
2026-02-15 02:00:03 -03:30 · 2021-03-08 00:17:44 -08:00
parent a9c97e5253
commit dc5df57c26
3 changed files with 4 additions and 0 deletions
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -65,6 +65,7 @@ containerd_default_runtime:
 #     type: io.containerd.kata.v2
 #     engine: ""
 #     root: ""
+#     privileged_without_host_devices: true
 containerd_runtimes: []

 containerd_untrusted_runtime_type: ''