remove gating of ipc, user ns and pidmode based on hosts priviledge mode config

client/driver/docker.go

@@ -436,28 +436,8 @@ func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task,
 		hostConfig.DNSSearch = append(hostConfig.DNSSearch, domain)
 	}
 
-	if driverConfig.IpcMode != "" {
-		if !hostPrivileged {
-			return c, fmt.Errorf(`Docker privileged mode is disabled on this Nomad agent, setting ipc mode not allowed`)
-		}
-		d.logger.Printf("[DEBUG] driver.docker: setting ipc mode to %s", driverConfig.IpcMode)
-	}
 	hostConfig.IpcMode = driverConfig.IpcMode
-
-	if driverConfig.PidMode != "" {
-		if !hostPrivileged {
-			return c, fmt.Errorf(`Docker privileged mode is disabled on this Nomad agent, setting pid mode not allowed`)
-		}
-		d.logger.Printf("[DEBUG] driver.docker: setting pid mode to %s", driverConfig.PidMode)
-	}
 	hostConfig.PidMode = driverConfig.PidMode
-
-	if driverConfig.UTSMode != "" {
-		if !hostPrivileged {
-			return c, fmt.Errorf(`Docker privileged mode is disabled on this Nomad agent, setting UTS mode not allowed`)
-		}
-		d.logger.Printf("[DEBUG] driver.docker: setting UTS mode to %s", driverConfig.UTSMode)
-	}
 	hostConfig.UTSMode = driverConfig.UTSMode
 
 	hostConfig.NetworkMode = driverConfig.NetworkMode

website/source/docs/drivers/docker.html.md

@@ -304,9 +304,6 @@ options](/docs/agent/config.html#options):
   allow containers to use `privileged` mode, which gives the containers full
   access to the host's devices. Note that you must set a similar setting on the
   Docker daemon for this to work.
-  `true` will also allow containers to run with ipc_mode, pid_mode and uts_mode
-  set to `host`, which gives access to the hosts ipc, pid and UTS namespaces
-  respectively.  
 
 Note: When testing or using the `-dev` flag you can use `DOCKER_HOST`,
 `DOCKER_TLS_VERIFY`, and `DOCKER_CERT_PATH` to customize Nomad's behavior. If