runservice: add privileged containers options

internal/config/config.go

@@ -70,6 +70,7 @@ type Container struct {
 	Image       string            `yaml:"image,omitempty"`
 	Environment map[string]string `yaml:"environment,omitempty"`
 	User        string            `yaml:"user"`
+	Privileged  bool              `yaml:"privileged"`
 }
 
 type Pipeline struct {

internal/runconfig/runconfig.go

@@ -36,6 +36,7 @@ func genRuntime(c *config.Config, runtimeName string) *rstypes.Runtime {
 			Image:       cc.Image,
 			Environment: cc.Environment,
 			User:        cc.User,
+			Privileged:  cc.Privileged,
 		})
 	}
 	return &rstypes.Runtime{

internal/services/runservice/executor/driver/docker.go

@@ -150,6 +150,7 @@ func (d *DockerDriver) NewPod(ctx context.Context, podConfig *PodConfig) (Pod, e
 	}, &container.HostConfig{
 		Binds:         []string{fmt.Sprintf("%s:%s", d.initVolumeHostDir, podConfig.InitVolumeDir)},
 		ReadonlyPaths: []string{fmt.Sprintf("%s:%s", d.initVolumeHostDir, podConfig.InitVolumeDir)},
+		Privileged:    containerConfig.Privileged,
 	}, nil, "")
 	if err != nil {
 		return nil, err

internal/services/runservice/executor/driver/driver.go

@@ -76,6 +76,7 @@ type ContainerConfig struct {
 	WorkingDir   string
 	Image        string
 	User         string
+	Privileged   bool
 	RegistryAuth string
 }
 

internal/services/runservice/executor/executor.go

@@ -449,6 +449,7 @@ func (e *Executor) executeTask(ctx context.Context, et *types.ExecutorTask) {
 				Env:        et.Containers[0].Environment,
 				WorkingDir: et.WorkingDir,
 				User:       et.Containers[0].User,
+				Privileged: et.Containers[0].Privileged,
 			},
 		},
 	}

internal/services/runservice/types/types.go

@@ -387,7 +387,9 @@ type ExecutorTask struct {
 	WorkingDir  string            `json:"working_dir,omitempty"`
 	Shell       string            `json:"shell,omitempty"`
 	User        string            `json:"user,omitempty"`
-	Steps       []interface{}     `json:"steps,omitempty"`
+	Privileged  bool              `yaml:"privileged"`
+
+	Steps []interface{} `json:"steps,omitempty"`
 
 	Status     ExecutorTaskStatus `json:"status,omitempty"`
 	SetupError string             `fail_reason:"setup_error,omitempty"`
@@ -422,6 +424,7 @@ type Container struct {
 	Image       string            `json:"image,omitempty"`
 	Environment map[string]string `json:"environment,omitempty"`
 	User        string            `json:"user,omitempty"`
+	Privileged  bool              `json:"privileged"`
 }
 
 type Workspace []WorkspaceLevel