Add privileged option.

ansible-collections · Jul 25, 2024 · 11e219f · 11e219f
1 parent 7cb8004
commit 11e219f
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/changelogs/fragments/943-connection.yml b/changelogs/fragments/943-connection.yml
@@ -1,2 +1,3 @@
 minor_changes:
   - "docker, docker_api connection plugins - allow to determine the working directory when executing commands with the new ``working_dir`` option (https://github.com/ansible-collections/community.docker/pull/943)."
+  - "docker, docker_api connection plugins - allow to execute commands with extended privileges with the new ``privileges`` option (https://github.com/ansible-collections/community.docker/pull/943)."
diff --git a/plugins/connection/docker.py b/plugins/connection/docker.py
@@ -105,6 +105,20 @@
           - name: ansible_docker_working_dir
         type: string
         version_added: 3.12.0
+    privileged:
+        description:
+          - Whether commands should be run with extended privileges.
+          - B(Note) that this allows command to potentially break out of the container. Use with care!
+        env:
+          - name: ANSIBLE_DOCKER_PRIVILEGED
+        ini:
+          - key: privileged
+            section: docker_connection
+        vars:
+          - name: ansible_docker_privileged
+        type: boolean
+        default: false
+        version_added: 3.12.0
 '''
 
 import fcntl
@@ -261,6 +275,9 @@ def _build_exec_cmd(self, cmd):
                     .format(self.docker_version)
                 )
 
+        if self.get_option('privileged'):
+            local_cmd += [b'--privileged']
+
         # -i is needed to keep stdin open which allows pipelining to work
         local_cmd += [b'-i', self.get_option('remote_addr')] + cmd
 

diff --git a/plugins/connection/docker_api.py b/plugins/connection/docker_api.py
@@ -99,6 +99,20 @@
           - name: ansible_docker_working_dir
         type: string
         version_added: 3.12.0
+    privileged:
+        description:
+          - Whether commands should be run with extended privileges.
+          - B(Note) that this allows command to potentially break out of the container. Use with care!
+        env:
+          - name: ANSIBLE_DOCKER_PRIVILEGED
+        ini:
+          - key: privileged
+            section: docker_connection
+        vars:
+          - name: ansible_docker_privileged
+        type: boolean
+        default: false
+        version_added: 3.12.0
 '''
 
 import os
@@ -225,7 +239,7 @@ def exec_command(self, cmd, in_data=None, sudoable=False):
         data = {
             'Container': self.get_option('remote_addr'),
             'User': self.get_option('remote_user') or '',
-            'Privileged': False,
+            'Privileged': self.get_option('privileged'),
             'Tty': False,
             'AttachStdin': need_stdin,
             'AttachStdout': True,