chore: add PidMode and Priviledged option

Signed-off-by: Arjun Raja Yogidas <[email protected]>

api/handlers/container/create.go

@@ -172,6 +172,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		OomKillDisable: req.HostConfig.OomKillDisable,
 		CidFile:        req.HostConfig.ContainerIDFile, // CidFile write the container ID to the file
 		OomScoreAdj:    req.HostConfig.OomScoreAdj,
+		Pid:            req.HostConfig.PidMode, // Pid namespace to use
 		// #endregion
 
 		// #region for platform flags
@@ -207,6 +208,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		SecurityOpt: []string{}, // nerdctl default.
 		CapAdd:      capAdd,
 		CapDrop:     capDrop,
+		Privileged:  req.HostConfig.Privileged,
 		// #endregion
 
 		// #region for runtime flags

api/handlers/container/create_test.go

@@ -629,6 +629,29 @@ var _ = Describe("Container Create API ", func() {
 			Expect(rr.Body).Should(MatchJSON(jsonResponse))
 		})
 
+		It("should set PidMode and Privileged option", func() {
+			body := []byte(`{
+				"Image": "test-image",
+				"HostConfig": {
+					"PidMode": "host",
+					"Privileged": true
+				}
+			}`)
+			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
+
+			// expected create options
+			createOpt.Pid = "host"
+			createOpt.Privileged = true
+
+			service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
+				cid, nil)
+
+			// handler should return success message with 201 status code.
+			h.create(rr, req)
+			Expect(rr).Should(HaveHTTPStatus(http.StatusCreated))
+			Expect(rr.Body).Should(MatchJSON(jsonResponse))
+		})
+
 		It("should return 404 if the image was not found", func() {
 			body := []byte(`{"Image": "test-image"}`)
 			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
@@ -825,6 +848,7 @@ func getDefaultCreateOpt(conf config.Config) types.ContainerCreateOptions {
 		SecurityOpt: []string{}, // nerdctl default.
 		CapAdd:      []string{}, // nerdctl default.
 		CapDrop:     []string{}, // nerdctl default.
+		Privileged:  false,
 		// #endregion
 
 		// #region for runtime flags

api/types/container_types.go

@@ -81,10 +81,10 @@ type ContainerHostConfig struct {
 	IpcMode    string   // IPC namespace to use for the container
 	// TODO: Cgroup          CgroupSpec        // Cgroup to use for the container
 	// TODO: Links           []string          // List of links (in the name:alias form)
-	OomKillDisable bool // specifies whether to disable OOM Killer
-	OomScoreAdj    int  // specifies the tune container’s OOM preferences (-1000 to 1000, rootless: 100 to 1000)
-	// TODO: PidMode         PidMode           // PID namespace to use for the container
-	// TODO: Privileged      bool              // Is the container in privileged mode
+	OomKillDisable bool   // specifies whether to disable OOM Killer
+	OomScoreAdj    int    // specifies the tune container’s OOM preferences (-1000 to 1000, rootless: 100 to 1000)
+	PidMode        string // PID namespace to use for the container
+	Privileged     bool   // Is the container in privileged mode
 	// TODO: PublishAllPorts bool              // Should docker publish all exposed port for the container
 	// TODO: ReadonlyRootfs  bool              // Is the container root filesystem in read-only
 	// TODO: SecurityOpt     []string          // List of string values to customize labels for MLS systems, such as SELinux.