diff --git a/docs/resources/container.md b/docs/resources/container.md index aa2b12f6..c83e9301 100644 --- a/docs/resources/container.md +++ b/docs/resources/container.md @@ -37,6 +37,7 @@ resource "docker_image" "ubuntu" { - `attach` (Boolean) If `true` attach to the container after its creation and waits the end of its execution. Defaults to `false`. - `capabilities` (Block Set, Max: 1) Add or drop certrain linux capabilities. (see [below for nested schema](#nestedblock--capabilities)) +- `cgroupns_mode` (String) Cgroup namespace mode to use for the container. Possible values are: `private`, `host`. - `command` (List of String) The command to use to start the container. For example, to run `/usr/bin/myprogram -f baz.conf` set the command to be `["/usr/bin/myprogram","-f","baz.con"]`. - `container_read_refresh_timeout_milliseconds` (Number) The total number of milliseconds to wait for the container to reach status 'running' - `cpu_set` (String) A comma-separated list or hyphen-separated range of CPUs a container can use, e.g. `0-1`. diff --git a/internal/provider/resource_docker_container.go b/internal/provider/resource_docker_container.go index 13ee3fc2..00e2165b 100644 --- a/internal/provider/resource_docker_container.go +++ b/internal/provider/resource_docker_container.go @@ -1000,6 +1000,12 @@ func resourceDockerContainer() *schema.Resource { Optional: true, ForceNew: true, }, + "cgroupns_mode": { + Type: schema.TypeString, + Description: "Cgroup namespace mode to use for the container. Possible values are: `private`, `host`.", + Optional: true, + ForceNew: true, + }, }, } } diff --git a/internal/provider/resource_docker_container_funcs.go b/internal/provider/resource_docker_container_funcs.go index 43109a3b..a97482cf 100644 --- a/internal/provider/resource_docker_container_funcs.go +++ b/internal/provider/resource_docker_container_funcs.go 
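Review bot: The new `cgroupns_mode` entry in resourceDockerContainer() has no validator, so a misspelled value is only rejected inside the create function at apply time rather than at plan time. Adding `ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"private", "host"}, false)),` would catch it earlier, assuming the SDK's helper/validation package is imported in this file, which the hunk does not show. The description should also say what the choice means for isolation: `host` places the container in the host's cgroup namespace, and leaving the attribute unset appears to defer to the Docker daemon's default rather than to `private`. The enclosing function starts outside the hunk.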
@@ -362,6 +362,19 @@ func resourceDockerContainerCreate(ctx context.Context, d *schema.ResourceData, } } + if v, ok := d.GetOk("cgroupns_mode"); ok { + if client.ClientVersion() >= "1.41" { + cgroupnsMode := container.CgroupnsMode(v.(string)) + if !cgroupnsMode.Valid() { + return diag.Errorf("cgroupns_mode: invalid CGROUP mode, must be either 'private', 'host' or empty") + } else { + hostConfig.CgroupnsMode = cgroupnsMode + } + } else { + log.Printf("[WARN] cgroupns_mode requires docker version 1.41 or higher") + } + } + init := d.Get("init").(bool) hostConfig.Init = &init
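Review bot: When the client reports an API version below 1.41, the outer `else` branch only writes a `[WARN]` line to the provider log and the container is still created, so a configuration that asks for `private` silently gets the daemon's default cgroup namespace while the apply succeeds. Returning a diagnostic error there keeps the declared isolation and the actual one in agreement. The guard `client.ClientVersion() >= "1.41"` also compares strings byte by byte, so a version such as `1.100` would sort below `1.41`; `versions.LessThan` from the Docker module's `api/types/versions` package compares numerically, and needs that import if the file lacks it. The error text offers "or empty", but an empty value never reaches this code because `d.GetOk` reports it as unset, and the `else` after `return` can be dropped. resourceDockerContainerCreate starts and ends outside the hunk.

```go
if v, ok := d.GetOk("cgroupns_mode"); ok {
	// API versions are dotted numbers; compare them numerically, not as strings.
	if versions.LessThan(client.ClientVersion(), "1.41") {
		// Fail instead of creating the container with a namespace mode the user did not ask for.
		return diag.Errorf("cgroupns_mode requires Docker API version 1.41 or higher, client reports %s", client.ClientVersion())
	}
	cgroupnsMode := container.CgroupnsMode(v.(string))
	if !cgroupnsMode.Valid() {
		return diag.Errorf("cgroupns_mode: invalid cgroup namespace mode %q, must be 'private' or 'host'", v)
	}
	hostConfig.CgroupnsMode = cgroupnsMode
}
// … unchanged: init handling …
```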