diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go index 6828812336..a1ecb04d76 100644 --- a/runtime/execdriver/native/template/default_template.go +++ b/runtime/execdriver/native/template/default_template.go @@ -7,7 +7,7 @@ import ( // New returns the docker default configuration for libcontainer func New() *libcontainer.Container { - return &libcontainer.Container{ + container := &libcontainer.Container{ CapabilitiesMask: libcontainer.Capabilities{ libcontainer.GetCapability("SETPCAP"), libcontainer.GetCapability("SYS_MODULE"), @@ -23,6 +23,7 @@ func New() *libcontainer.Container { libcontainer.GetCapability("MAC_OVERRIDE"), libcontainer.GetCapability("MAC_ADMIN"), libcontainer.GetCapability("NET_ADMIN"), + libcontainer.GetCapability("MKNOD"), }, Namespaces: libcontainer.Namespaces{ libcontainer.GetNamespace("NEWNS"), @@ -39,4 +40,6 @@ func New() *libcontainer.Container { "apparmor_profile": "docker-default", }, } + container.CapabilitiesMask.Get("MKNOD").Enabled = true + return container }