adnxn
diff --git a/‎ecs-init/cache/dependencies_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/cache/dependencies_mocks.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecs-init/config/common.go‎
Lines changed: 7 additions & 0 deletions b/‎ecs-init/config/common.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎ecs-init/config/common_test.go‎
Lines changed: 27 additions & 0 deletions b/‎ecs-init/config/common_test.go‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎ecs-init/docker/backoff_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/docker/backoff_mocks.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecs-init/docker/dependencies_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/docker/dependencies_mocks.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecs-init/docker/docker_unspecified.go‎
Lines changed: 7 additions & 1 deletion b/‎ecs-init/docker/docker_unspecified.go‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎ecs-init/engine/dependencies_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/engine/dependencies_mocks.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecs-init/exec/iptables/cmd_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/exec/iptables/cmd_mocks.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecs-init/exec/iptables/exec_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/exec/iptables/exec_mocks.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecs-init/exec/sysctl/cmd_mocks.go‎
Lines changed: 1 addition & 1 deletion b/‎ecs-init/exec/sysctl/cmd_mocks.go‎
Lines changed: 1 addition & 1 deletion
@@ -228,6 +228,13 @@ func InstanceConfigFile() string {
 return InstanceConfigDirectory() + "/ecs.config"
 }
 
+// RunPrivileged returns if agent should be invoked with '--privileged'. This is not
+// recommended and may be removed in future versions of amazon-ecs-init.
+func RunPrivileged() bool {
+envVar := os.Getenv("ECS_AGENT_RUN_PRIVILEGED")
+return envVar == "true"
+}
+
 func agentArtifactName(version string, arch string) (string, error) {
 var interpose string
 switch arch {
 
@@ -177,3 +177,30 @@ func TestAgentRemoteTarballKey(t *testing.T) {
 })
 }
 }
+
+func TestAgentPrivileged(t *testing.T) {
+os.Setenv("ECS_AGENT_RUN_PRIVILEGED", "true")
+defer os.Unsetenv("ECS_AGENT_RUN_PRIVILEGED")
+
+if !RunPrivileged() {
+t.Fatalf("Agent was expected to be running with privileged mode")
+}
+}
+
+func TestAgentPrivilegedNotConfigured(t *testing.T) {
+defer os.Unsetenv("ECS_AGENT_RUN_PRIVILEGED")
+cases := []string{
+"false",
+"unrelated_word",
+"1",
+"",
+}
+
+for _, test := range cases {
+os.Setenv("ECS_AGENT_RUN_PRIVILEGED", test)
+
+if RunPrivileged() {
+t.Errorf("Agent was expected to be running without privileged mode. Testcase (%s)", test)
+}
+}
+}
@@ -44,12 +44,18 @@ func createHostConfig(binds []string) *godocker.HostConfig {
 
 logConfig := config.AgentDockerLogDriverConfiguration()
 
-return &godocker.HostConfig{
+hostConfig := &godocker.HostConfig{
 LogConfig: logConfig,
 Binds: binds,
 NetworkMode: networkMode,
 UsernsMode: usernsMode,
 CapAdd: []string{CapNetAdmin, CapSysAdmin},
 Init: true,
 }
+
+if config.RunPrivileged() {
+hostConfig.Privileged = true
+}
+
+return hostConfig
 }