feat(settings): add a setting to disable privileged mode for non-admins (#1239)

app/components/createContainer/createContainerController.js

@@ -485,6 +485,7 @@ function ($q, $scope, $state, $transition$, $filter, Container, ContainerHelper,
     SettingsService.publicSettings()
     .then(function success(data) {
       $scope.allowBindMounts = data.AllowBindMountsForRegularUsers;
+      $scope.allowPrivilegedMode = data.AllowPrivilegedModeForRegularUsers;
     })
     .catch(function error(err) {
       Notifications.error('Failure', err, 'Unable to retrieve application settings');

app/components/createContainer/createcontainer.html

@@ -470,13 +470,13 @@
           <div class="tab-pane" id="runtime">
             <form class="form-horizontal" style="margin-top: 15px;">
               <!-- privileged-mode -->
-              <div class="form-group">
+              <div class="form-group" ng-if="isAdmin || allowPrivilegedMode">
                 <div class="col-sm-12">
-                  <label for="ownership" class="control-label text-left">
+                  <label for="privileged_mode" class="control-label text-left">
                     Privileged mode
                   </label>
                   <label class="switch" style="margin-left: 20px;">
-                    <input type="checkbox" ng-model="config.HostConfig.Privileged"><i></i>
+                    <input type="checkbox" name="privileged_mode" ng-model="config.HostConfig.Privileged"><i></i>
                   </label>
                 </div>
               </div>

app/components/settings/settings.html

@@ -26,6 +26,17 @@
               </label>
             </div>
           </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <label for="toggle_allowbindmounts" class="control-label text-left">
+                Disable privileged mode for non-administrators
+                <portainer-tooltip position="bottom" message="When enabled, regular users will not be able to use privileged mode when creating containers."></portainer-tooltip>
+              </label>
+              <label class="switch" style="margin-left: 20px;">
+                <input type="checkbox" name="toggle_allowbindmounts" ng-model="formValues.restrictPrivilegedMode"><i></i>
+              </label>
+            </div>
+          </div>
           <!-- security -->
           <!-- logo -->
           <div class="col-sm-12 form-section-title">

app/components/settings/settingsController.js

@@ -7,6 +7,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager, DEFAULT_
     customTemplates: false,
     externalContributions: false,
     restrictBindMounts: false,
+    restrictPrivilegedMode: false,
     labelName: '',
     labelValue: ''
   };
@@ -41,6 +42,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager, DEFAULT_
     }
     settings.DisplayExternalContributors = !$scope.formValues.externalContributions;
     settings.AllowBindMountsForRegularUsers = !$scope.formValues.restrictBindMounts;
+    settings.AllowPrivilegedModeForRegularUsers = !$scope.formValues.restrictPrivilegedMode;
 
     updateSettings(settings, false);
   };
@@ -84,6 +86,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager, DEFAULT_
       }
       $scope.formValues.externalContributions = !settings.DisplayExternalContributors;
       $scope.formValues.restrictBindMounts = !settings.AllowBindMountsForRegularUsers;
+      $scope.formValues.restrictPrivilegedMode = !settings.AllowPrivilegedModeForRegularUsers;
     })
     .catch(function error(err) {
       Notifications.error('Failure', err, 'Unable to retrieve application settings');