driver/docker-container/driver.go

@@ -144,13 +144,21 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 					break
 				}
 			}
-			hc.SecurityOpt = append(hc.SecurityOpt, "seccomp=unconfined")
+			for i, k := range d.SecurityOpts {
-			hc.SecurityOpt = append(hc.SecurityOpt, "apparmor=unconfined")
+				switch {
-			hc.Privileged = false
+				case i == "systempaths":
-			//hc.SecurityOpt = append(hc.SecurityOpt, "systempaths=unconfined")
+					hc.MaskedPaths = []string{}
-			hc.MaskedPaths = []string{}
+					hc.ReadonlyPaths = []string{}
-			hc.ReadonlyPaths = []string{}
+				case i == "privileged":
-			//cfg.Env= append(cfg.Env,"systempaths=unconfined")
+					val, err := strconv.ParseBool(k)
+					if err != nil {
+						return errors.Errorf("invalid value privleged security option, options are true/false")
+					}
+					hc.Privileged = val
+				default:
+					hc.SecurityOpt = append(hc.SecurityOpt, i+"="+k)
+				}
+			}
 		}
 		_, err := d.DockerAPI.ContainerCreate(ctx, cfg, hc, &network.NetworkingConfig{}, nil, d.Name)
 		if err != nil && !errdefs.IsConflict(err) {