From 429e6aa319a89bf6b5687b69940455a060d0ecd8 Mon Sep 17 00:00:00 2001
From: Hongbin Lu
Date: Thu, 1 Dec 2016 16:30:39 -0600
Subject: [PATCH] Disable privileged container in Nova driver

Containers provisioned by Nova are used as sandboxes, so these containers don't need to run on priviledged mode. In addition, remove some unused imported config.

Change-Id: I62eba0bf360c715cfdb1bcfb43bd356d2dbf1e08
---
 nova/virt/docker/driver.py | 5 -----
 nova/virt/docker/vifs.py | 1 -
 2 files changed, 6 deletions(-)

diff --git a/nova/virt/docker/driver.py b/nova/virt/docker/driver.py
index 86264fd51..e5bcb84a9 100644
--- a/nova/virt/docker/driver.py
+++ b/nova/virt/docker/driver.py
@@ -55,7 +55,6 @@ from nova.virt import hostutils
 from nova.virt import images
 CONF = cfg.CONF
-CONF.import_opt('my_ip', 'nova.conf.netconf')
 CONF.import_opt('instances_path', 'nova.compute.manager')
 docker_opts = [
@@ -89,9 +88,6 @@ docker_opts = [
 help='Shared directory where glance images located. If '
 'specified, docker will try to load the image from '
 'the shared directory by image ID.'),
- cfg.BoolOpt('privileged',
- default=False,
- help='Set true can own all root privileges in a container.'),
 cfg.ListOpt('default_nameservers',
 default=['8.8.8.8', '8.8.4.4'],
 help='The default DNS server to use.'),
@@ -500,7 +496,6 @@ class DockerDriver(driver.ComputeDriver):
 'mem_limit': self._get_memory_limit_bytes(instance),
 'cpu_shares': self._get_cpu_shares(instance),
 'network_disabled': True,
- 'privileged': CONF.docker.privileged,
 'binds': self._get_binds(instance, network_info),
 }
diff --git a/nova/virt/docker/vifs.py b/nova/virt/docker/vifs.py
index 02bd49e81..7aaa1b1f4 100644
--- a/nova/virt/docker/vifs.py
+++ b/nova/virt/docker/vifs.py
@@ -32,7 +32,6 @@ import random
 assert manager
 CONF = cfg.CONF
-CONF.import_opt('my_ip', 'nova.conf.netconf')
 CONF.import_opt('vlan_interface', 'nova.manager')
 CONF.import_opt('flat_interface', 'nova.manager')