in ecs-init/docker/docker_config.go [33:69]
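// createHostConfig builds the Docker HostConfig for the container this package
// starts. The caller's binds are kept and followed by read-only mounts of the
// host procfs and the iptables library/executable directories.
//
// Security-relevant settings decided here:
//   - Every bind added by this function carries the readOnly suffix. Binds
//     supplied by the caller are passed through unchanged, so their access
//     mode is whatever the caller wrote.
//   - CapNetAdmin and CapSysAdmin are added unless config.RunningInExternal()
//     reports true.
//   - Privileged is enabled only when config.RunPrivileged() reports true.
//
// The returned config never shares a backing array with the binds argument.
func createHostConfig(binds []string) *godocker.HostConfig {
	// Copy before appending: append on the caller's slice could write into
	// spare capacity of its backing array and alias the returned Binds with
	// whatever else the caller keeps in that array.
	allBinds := make([]string, len(binds), len(binds)+8)
	copy(allBinds, binds)
	allBinds = append(allBinds,
		config.ProcFS+":"+hostProcDir+readOnly,
		iptablesUsrLibDir+":"+iptablesUsrLibDir+readOnly,
		iptablesLibDir+":"+iptablesLibDir+readOnly,
		iptablesUsrLib64Dir+":"+iptablesUsrLib64Dir+readOnly,
		iptablesLib64Dir+":"+iptablesLib64Dir+readOnly,
		iptablesExecutableHostDir+":"+iptablesExecutableContainerDir+readOnly,
		iptablesAltDir+":"+iptablesAltDir+readOnly,
		iptablesLegacyDir+":"+iptablesLegacyDir+readOnly,
	)
	logConfig := config.AgentDockerLogDriverConfiguration()

	// caps stays nil in an external environment, so no capability is added
	// beyond the container runtime's defaults in that case.
	var caps []string
	if !config.RunningInExternal() {
		// CapNetAdmin and CapSysAdmin are needed for running task in awsvpc network mode.
		// This network mode is (at least currently) not supported in external environment,
		// hence not adding them in that case.
		caps = []string{CapNetAdmin, CapSysAdmin}
	}

	hostConfig := &godocker.HostConfig{
		LogConfig:   logConfig,
		Binds:       allBinds,
		NetworkMode: networkMode,
		UsernsMode:  usernsMode,
		CapAdd:      caps,
		Init:        true,
	}
	// Privileged mode is opt-in through configuration. A privileged container
	// already holds every capability, so CapAdd above only matters when this
	// branch is not taken.
	if config.RunPrivileged() {
		hostConfig.Privileged = true
	}
	return hostConfig
}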