Implement privileged support

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>

agent/exec/dockerapi/container.go

@@ -212,6 +212,7 @@ func (c *containerConfig) hostConfig() *enginecontainer.HostConfig {
 		Isolation:    c.isolation(),
 		CapAdd:       c.spec().CapabilityAdd,
 		CapDrop:      c.spec().CapabilityDrop,
+		Privileged:   c.spec().Privileged,
 	}
 
 	// The format of extra hosts on swarmkit is specified in:

agent/exec/dockerapi/container_test.go

@@ -299,6 +299,26 @@ func TestCapabilityDrop(t *testing.T) {
 	}
 }
 
+func TestPrivileged(t *testing.T) {
+	c := containerConfig{
+		task: &api.Task{
+			Spec: api.TaskSpec{
+				Runtime: &api.TaskSpec_Container{
+					Container: &api.ContainerSpec{
+						Privileged: true,
+					},
+				},
+			},
+		},
+	}
+
+	expected := true
+	actual := c.hostConfig().Privileged
+	if !reflect.DeepEqual(actual, expected) {
+		t.Fatalf("expected %s, got %s", expected, actual)
+	}
+}
+
 func TestUlimits(t *testing.T) {
 	c := containerConfig{
 		task: &api.Task{

cmd/swarmctl/service/flagparser/container.go

@@ -76,5 +76,13 @@ func parseContainer(flags *pflag.FlagSet, spec *api.ServiceSpec) error {
 		}
 	}
 
+	if flags.Changed("privileged") {
+		privileged, err := flags.GetBool("privileged")
+		if err != nil {
+			return err
+		}
+		spec.Task.GetContainer().Privileged = privileged
+	}
+
 	return nil
 }

cmd/swarmctl/service/flagparser/flags.go

@@ -25,6 +25,7 @@ func AddServiceFlags(flags *pflag.FlagSet) {
 	flags.StringSlice("env", nil, "container env")
 	flags.Bool("tty", false, "open a tty on standard streams")
 	flags.Bool("open-stdin", false, "open standard input")
+	flags.Bool("privileged", false, "give extended privileges to container (default false)")
 
 	flags.StringSlice("ports", nil, "ports")
 	flags.String("network", "", "network name")