Added NEKO_ROOMS_NEKO_PRIVILEGED_IMAGES setting to run privileged ima…

…ges (#49)

internal/config/room.go

@@ -17,6 +17,7 @@ type Room struct {
 
 	NAT1To1IPs []string
 	NekoImages []string
+	NekoPrivilegedImages []string
 	PathPrefix string
 	Labels     []string
 
@@ -63,6 +64,11 @@ func (Room) Init(cmd *cobra.Command) error {
 		return err
 	}
 
+	cmd.PersistentFlags().StringSlice("neko_privileged_images", []string{}, "Whitelist of images allowed to be executed with Privileged mode")
+	if err := viper.BindPFlag("neko_privileged_images", cmd.PersistentFlags().Lookup("neko_privileged_images")); err != nil {
+		return err
+	}
+
 	cmd.PersistentFlags().String("path_prefix", "", "path prefix that is added to every room path")
 	if err := viper.BindPFlag("path_prefix", cmd.PersistentFlags().Lookup("path_prefix")); err != nil {
 		return err
@@ -164,6 +170,7 @@ func (s *Room) Set() {
 
 	s.NAT1To1IPs = viper.GetStringSlice("nat1to1")
 	s.NekoImages = viper.GetStringSlice("neko_images")
+	s.NekoPrivilegedImages = viper.GetStringSlice("neko_privileged_images")
 	s.PathPrefix = viper.GetString("path_prefix")
 	s.Labels = viper.GetStringSlice("labels")
 

internal/room/manager.go

@@ -107,6 +107,8 @@ func (manager *RoomManagerCtx) Create(settings types.RoomSettings) (string, erro
 		return "", fmt.Errorf("invalid neko image")
 	}
 
+	isPrivilegedImage, _ := utils.ArrayIn(settings.NekoImage, manager.config.NekoPrivilegedImages)
+
 	// TODO: Check if path name exists.
 	roomName := settings.Name
 	if roomName == "" {
@@ -440,6 +442,8 @@ func (manager *RoomManagerCtx) Create(settings types.RoomSettings) (string, erro
 			NanoCPUs:  settings.Resources.NanoCPUs,
 			Memory:    settings.Resources.Memory,
 		},
+		// Privileged
+		Privileged: isPrivilegedImage,
 	}
 
 	networkingConfig := &network.NetworkingConfig{