From 2968a83bc046f43be62852b94d07c531de97c416 Mon Sep 17 00:00:00 2001
From: Olli Janatuinen <olli.janatuinen@gmail.com>
Date: Wed, 4 May 2022 22:39:48 +0200
Subject: [PATCH] containerd: Enable enable_unprivileged_ports and
 enable_unprivileged_icmp by default

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
---
 pkg/agent/templates/templates_linux.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/agent/templates/templates_linux.go b/pkg/agent/templates/templates_linux.go
index 829d110b33..05a135884c 100644
--- a/pkg/agent/templates/templates_linux.go
+++ b/pkg/agent/templates/templates_linux.go
@@ -15,6 +15,8 @@ const ContainerdConfigTemplate = `
   stream_server_address = "127.0.0.1"
   stream_server_port = "10010"
   enable_selinux = {{ .NodeConfig.SELinux }}
+  enable_unprivileged_ports = true
+  enable_unprivileged_icmp = true
 
 {{- if .DisableCgroup}}
   disable_cgroup = true