Disable privileged container in Nova driver

Containers provisioned by Nova are used as sandboxes, so these containers don't need to run on priviledged mode. In addition, remove some unused imported config. Change-Id: I62eba0bf360c715cfdb1bcfb43bd356d2dbf1e08
2016-12-01 16:30:39 -06:00 · 2016-12-01 16:30:39 -06:00 · 429e6aa319
commit 429e6aa319
parent ae950b3478
2 changed files with 0 additions and 6 deletions
--- a/nova/virt/docker/driver.py
+++ b/nova/virt/docker/driver.py
@ -55,7 +55,6 @@ from nova.virt import hostutils
 from nova.virt import images

 CONF = cfg.CONF
-CONF.import_opt('my_ip', 'nova.conf.netconf')
 CONF.import_opt('instances_path', 'nova.compute.manager')

 docker_opts = [
@ -89,9 +88,6 @@ docker_opts = [
               help='Shared directory where glance images located. If '
                    'specified, docker will try to load the image from '
                    'the shared directory by image ID.'),
-    cfg.BoolOpt('privileged',
-                default=False,
-                help='Set true can own all root privileges in a container.'),
    cfg.ListOpt('default_nameservers',
                default=['8.8.8.8', '8.8.4.4'],
                help='The default DNS server to use.'),
@ -500,7 +496,6 @@ class DockerDriver(driver.ComputeDriver):
            'mem_limit': self._get_memory_limit_bytes(instance),
            'cpu_shares': self._get_cpu_shares(instance),
            'network_disabled': True,
-            'privileged': CONF.docker.privileged,
            'binds': self._get_binds(instance, network_info),
        }

--- a/nova/virt/docker/vifs.py
+++ b/nova/virt/docker/vifs.py
@ -32,7 +32,6 @@ import random
 assert manager

 CONF = cfg.CONF
-CONF.import_opt('my_ip', 'nova.conf.netconf')
 CONF.import_opt('vlan_interface', 'nova.manager')
 CONF.import_opt('flat_interface', 'nova.manager')