feat: cgroupns support (#497)

* feat: Add cgroupns mode to docker container. * docs: Create docs.
2025-12-20 22:59:42 -05:00 · 2022-12-23 10:45:12 +01:00 · 2022-12-23 10:45:12 +01:00 · 8a4be13ce1
commit 8a4be13ce1
parent 9233454972
3 changed files with 20 additions and 0 deletions
--- a/docs/resources/container.md
+++ b/docs/resources/container.md
@ -37,6 +37,7 @@ resource "docker_image" "ubuntu" {

 - `attach` (Boolean) If `true` attach to the container after its creation and waits the end of its execution. Defaults to `false`.
 - `capabilities` (Block Set, Max: 1) Add or drop certrain linux capabilities. (see [below for nested schema](#nestedblock--capabilities))
+- `cgroupns_mode` (String) Cgroup namespace mode to use for the container. Possible values are: `private`, `host`.
 - `command` (List of String) The command to use to start the container. For example, to run `/usr/bin/myprogram -f baz.conf` set the command to be `["/usr/bin/myprogram","-f","baz.con"]`.
 - `container_read_refresh_timeout_milliseconds` (Number) The total number of milliseconds to wait for the container to reach status 'running'
 - `cpu_set` (String) A comma-separated list or hyphen-separated range of CPUs a container can use, e.g. `0-1`.
--- a/internal/provider/resource_docker_container.go
+++ b/internal/provider/resource_docker_container.go
@ -1000,6 +1000,12 @@ func resourceDockerContainer() *schema.Resource {
 				Optional:    true,
 				ForceNew:    true,
 			},
+			"cgroupns_mode": {
+				Type:        schema.TypeString,
+				Description: "Cgroup namespace mode to use for the container. Possible values are: `private`, `host`.",
+				Optional:    true,
+				ForceNew:    true,
+			},
 		},
 	}
 }
--- a/internal/provider/resource_docker_container_funcs.go
+++ b/internal/provider/resource_docker_container_funcs.go
@ -362,6 +362,19 @@ func resourceDockerContainerCreate(ctx context.Context, d *schema.ResourceData,
 		}
 	}

+	if v, ok := d.GetOk("cgroupns_mode"); ok {
+		if client.ClientVersion() >= "1.41" {
+			cgroupnsMode := container.CgroupnsMode(v.(string))
+			if !cgroupnsMode.Valid() {
+				return diag.Errorf("cgroupns_mode: invalid CGROUP mode, must be either 'private', 'host' or empty")
+			} else {
+				hostConfig.CgroupnsMode = cgroupnsMode
+			}
+		} else {
+			log.Printf("[WARN] cgroupns_mode requires docker version 1.41 or higher")
+		}
+	}
+
 	init := d.Get("init").(bool)
 	hostConfig.Init = &init